Re: firefox file-upload broken?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Mike Wright wrote:
Hi all,

F10, firefox-3.0.13. Don't know if this is a firefox or fedora firefox bug.
Any web developers out there???

Given this html:

    <form><input type='file' /></form>

View that in the browser and you will see an input text box with a "Browse" button.
Click inside the text box.

If your experience matches mine it will act as if the "Browse" button has been pressed and a "File Open" dialog box opens. That is broken with a capital F!
This is a deliberate change by the mozilla developers. The problem was
that there were too many ways to exploit a user editable file entry
field to trick people into uploading files they didn't mean to.
Some of the possible exploits, and the change you saw are explained at:

They mention that this will annoy people who know what they're doing - but the security implications overrode this consideration.
Maybe a better place to address the concern is whoever provides your
file browser dialog?

fedora-list mailing list
[email protected]
To unsubscribe:

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux