[whatwg] element "img" with HTTP POST method (2)

Bjartur Thorlacius svartman95 at gmail.com
Sat Dec 11 06:05:49 PST 2010


On 12/9/10, Philipp Serafin <phil127 at gmail.com> wrote:
> ... on second thought, maybe  it would be an even better idea to just
> define a new "submit" like input type that would submit the form as soon
> as it's fully loaded and display the POST result as an image. This would
> work better with the form metaphor and would present less security
> risks, since only very few sites allow <form> or <input> elements in
> user content.
>
> Martin Janecke's example would then look like this:
>
> <form method="post" action="http://www.forkosh.dreamhost.com/mathtex.cgi">
>  <input type="hidden" name="latexdata" value="\begin{align} (... latex
> ...) \end{align}">
>  <input type="post-image">
> </form>
>
It's still using POST and thus incorrect and harmful. See previous
considerations concerning caching, retries upon networking errors,
etc.



More information about the whatwg mailing list