[whatwg] Uploading directories of files
L. David Baron
dbaron at dbaron.org
Sun Dec 13 00:01:25 PST 2009
On Friday 2009-12-11 02:17 -0800, Jeremy Orlow wrote:
> But regardless.....I don't think you could argue that having _some_ path
> information is worse than _none_, right?
Many of those who commented in
https://bugzilla.mozilla.org/show_bug.cgi?id=143220 and its
duplicates would disagree. Users may not expect the act of
uploading a file to give the Web site details of their file system
structure. There also seems to be some concern that those details
may provide information useful to an attacker.
L. David Baron http://dbaron.org/
Mozilla Corporation http://www.mozilla.com/
More information about the whatwg