[whatwg] Review of the 3.16 section and the HTMLInputElementinterface

Maciej Stachowiak mjs at apple.com
Thu May 15 01:34:06 PDT 2008


On May 14, 2008, at 9:55 AM, Křištof Želechovski wrote:

> I do not feel like having the file submission control styled and  
> customized in any way; submitting a file poses a serious security  
> and privacy risk so I would not like to see this control disguised  
> as something else.  Just like an alert window title, it should have  
> a consistent look for all applications.

The WebKit file input control would, I think, be safe to style because  
it does not have a text field to type into, so no matter what it looks  
like the user has to actively choose a file from the file open dialog  
after clicking on it. The designs of most other browsers would be  
vulnerable to disguising it as something else though, if the user can  
be tricked into typing a file path.

Regards,
Maciej


> Chris
>
> -----Original Message-----
> From: whatwg-bounces at lists.whatwg.org [mailto:whatwg-bounces at lists.whatwg.org 
> ] On Behalf Of Samuel Santos
> Sent: Wednesday, May 14, 2008 6:38 PM
> To: WHATWG; HTMLWG
> Subject: Re: [whatwg] Review of the 3.16 section and the  
> HTMLInputElementinterface
>
> This issue seems to be a very recurring and still unsolved problem  
> when dealing with Web internationalization / multi-language Web Apps.
> I would like to suggest this to be reviewed with an editor comment  
> please.
>
> Additionally, it's important if we could decorate separately the  
> file path text field and the browse button using CSS.
>
> Best reagards,
> Samuel Santos
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20080515/c6073da9/attachment-0001.htm>


More information about the whatwg mailing list