Closed
Bug 44465
Opened 24 years ago
Closed 24 years ago
[RFE] use VALUE attribute for <input type="file" ...>
Categories
(Core :: Layout: Form Controls, enhancement, P3)
Tracking
()
VERIFIED
WONTFIX
People
(Reporter: jag+mozbugs, Assigned: rods)
References
Details
Windows 95, build ID 2000070208 linux, build ID 2000070220 Probably XP. Current behaviour: the file select control starts with no files selected Wished behaviour: the file select control starts with the list of one or more file names specified in the VALUE attribute. HTML4 spec, 17.4.1 Control types created with INPUT: | ... | file | Creates a file select control. User agents may use the value of | the value attribute as the initial file name. | ... Note: the spec uses singular "file name" here, but plural in other places (HTML4 spec, 17.2.1 Control types).
Comment 1•24 years ago
|
||
This is a *serious* security risk: <div style="display:none"> <input type="file" value="file://localhost/etc/passwd"> <input type="file" value="file:///c|/windows/administrator.pwl"> </div> <input type="submit" value=" Do Something Innocent And Sweet "> Marking WONTFIX unless a very SECURE way of implementing this feature is found. Anyway, this feature is fatally flawed. You cannot know with certainty where files are going to be on a remote system unless you have access to it, and if you have access to it they you should be using SSH/SCP/FTP to transfer the files and not HTTP. (It would be faster, to start with.)
You need to log in
before you can comment on or make changes to this bug.
Description
•