[whatwg] File Upload Control

Lachlan Hunt lachlan.hunt at iinet.net.au
Sun Sep 5 07:40:08 PDT 2004


Ian Hickson wrote:
> You'd be surprised how easy it is to trick users into typing things like 
> that. For example:
> 
>   Q3. What is the path to a Linux system's password file?
>       [                       ]
> 
>   (( Submit Quiz ))

Do you mean just like these examples I just created?

http://lachy.id.au/dev/markup/examples/forms/file/

I've have added comments about this security hole on bug 57770 in 
bugzilla. (comments 54 and 55)
http://bugzilla.mozilla.org/show_bug.cgi?id=57770#c54
-- 
Lachlan Hunt
http://www.lachy.id.au/




More information about the whatwg mailing list