[whatwg] "C:\fakepath\" in HTML5

Alex Henrie alexhenrie24 at gmail.com
Tue Mar 24 10:24:37 PDT 2009

On Tue, Mar 24, 2009 at 10:34 AM, Anne van Kesteren <annevk at opera.com> wrote:
>> Example: A site lets a user upload a file and write some comments
>> associated with that file. On the browser side, a new input element is
>> dynamically created with the name and id "Notes for
>> C:\fakepath\upload.txt". On the server side, the server receives
>> "upload.txt" and looks for "Notes for upload.txt" to match. It of
>> course is not there because the programmer had no idea that the
>> browser would be adding appending a fake path in JavaScript but not in
>> HTTP.
> I don't see how this example could work. Anyway, relying on .value to just
> return a filename is a bogus assumption anyway since lots of user agents out
> there are not doing that.

I mean, if the browser used "C:\fakepath\upload.txt" in both
JavaScript and DOM then there would be no problem in this example. But
mixing "C:\fakepath\upload.txt" and "upload.txt" creates additional


More information about the whatwg mailing list