[whatwg] Uploading directories of files

L. David Baron dbaron at dbaron.org
Sun Dec 13 00:01:25 PST 2009


On Friday 2009-12-11 02:17 -0800, Jeremy Orlow wrote:
> But regardless.....I don't think you could argue that having _some_ path
> information is worse than _none_, right?

Many of those who commented in
https://bugzilla.mozilla.org/show_bug.cgi?id=143220 and its
duplicates would disagree.  Users may not expect the act of
uploading a file to give the Web site details of their file system
structure.  There also seems to be some concern that those details
may provide information useful to an attacker.

-David

-- 
L. David Baron                                 http://dbaron.org/
Mozilla Corporation                       http://www.mozilla.com/



More information about the whatwg mailing list