[whatwg] Review of the 3.16 section and the HTMLInputElementinterface
jonas at sicking.cc
Thu May 15 14:34:52 PDT 2008
Maciej Stachowiak wrote:
> On May 14, 2008, at 9:55 AM, Křištof Želechovski wrote:
>> I do not feel like having the file submission control styled and
>> customized in any way; submitting a file poses a serious security and
>> privacy risk so I would not like to see this control disguised as
>> something else. Just like an alert window title, it should have a
>> consistent look for all applications.
> The WebKit file input control would, I think, be safe to style because
> it does not have a text field to type into, so no matter what it looks
> like the user has to actively choose a file from the file open dialog
> after clicking on it. The designs of most other browsers would be
> vulnerable to disguising it as something else though, if the user can be
> tricked into typing a file path.
Because of this Firefox 3 does not allow typing filenames. If you click
the input field it always brings up the file picker.
More information about the whatwg