[whatwg] File Upload Control
Lachlan Hunt
lachlan.hunt at iinet.net.au
Sun Sep 5 07:40:08 PDT 2004
Ian Hickson wrote:
> You'd be surprised how easy it is to trick users into typing things like
> that. For example:
>
> Q3. What is the path to a Linux system's password file?
> [ ]
>
> (( Submit Quiz ))
Do you mean just like these examples I just created?
http://lachy.id.au/dev/markup/examples/forms/file/
I've have added comments about this security hole on bug 57770 in
bugzilla. (comments 54 and 55)
http://bugzilla.mozilla.org/show_bug.cgi?id=57770#c54
--
Lachlan Hunt
http://www.lachy.id.au/
More information about the whatwg
mailing list