[whatwg] Uploading directories of files
L. David Baron
dbaron at dbaron.org
Sun Dec 13 00:01:25 PST 2009
On Friday 2009-12-11 02:17 -0800, Jeremy Orlow wrote:
> But regardless.....I don't think you could argue that having _some_ path
> information is worse than _none_, right?
Many of those who commented in
https://bugzilla.mozilla.org/show_bug.cgi?id=143220 and its
duplicates would disagree. Users may not expect the act of
uploading a file to give the Web site details of their file system
structure. There also seems to be some concern that those details
may provide information useful to an attacker.
-David
--
L. David Baron http://dbaron.org/
Mozilla Corporation http://www.mozilla.com/
More information about the whatwg
mailing list