Mike Wright wrote:
Hi all,
F10, firefox-3.0.13. Don't know if this is a firefox or fedora firefox
bug.
Any web developers out there???
Given this html:
<form><input type='file' /></form>
View that in the browser and you will see an input text box with a
"Browse" button.
Click inside the text box.
If your experience matches mine it will act as if the "Browse" button
has been pressed and a "File Open" dialog box opens. That is broken
with a capital F!
This is a deliberate change by the mozilla developers. The problem was
that there were too many ways to exploit a user editable file entry
field to trick people into uploading files they didn't mean to.
Some of the possible exploits, and the change you saw are explained at:
https://bugzilla.mozilla.org/show_bug.cgi?id=258875
They mention that this will annoy people who know what they're doing -
but the security implications overrode this consideration.
Maybe a better place to address the concern is whoever provides your
file browser dialog?
Simon.
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
