[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Mike Wright wrote:
Hi all,

F10, firefox-3.0.13. Don't know if this is a firefox or fedora firefox bug.
Any web developers out there???

Given this html:

    <form><input type='file' /></form>

View that in the browser and you will see an input text box with a "Browse" button.
Click inside the text box.

If your experience matches mine it will act as if the "Browse" button has been pressed and a "File Open" dialog box opens. That is broken with a capital F!
This is a deliberate change by the mozilla developers.  The problem was 
that there were too many ways to exploit a user editable file entry 
field to trick people into uploading files they didn't mean to.
Some of the possible exploits, and the change you saw are explained at:

https://bugzilla.mozilla.org/show_bug.cgi?id=258875

They mention that this will annoy people who know what they're doing - but the security implications overrode this consideration.
Maybe a better place to address the concern is whoever provides your 
file browser dialog?
Simon.

--
fedora-list mailing list
[email protected]
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]
  Powered by Linux