I'm talking about when a site provides a textbox in which to type he location of a local file to upload to the web. There is usually an optional [Browse] button next to it, if the user cannot remember the exact address to type. An then there's a [Upload] button to submit the form that usually includes multiple upload boxes. But now, the browse button is not optional. The process is slowed down to the speed of the user's operating system's default browse-to-file dialog and typing a file name without going though this process manually is problematic, as is viewing the file name after. I understand the reason for this sloppy fix, a nefarious their party could silently steal files by exploiting the old style file upload textboxes. I'm sure the people who implemented the fix are familiar with the details of so I will not repeat them here to 'educate' any would-be thieves.This fix makes a control behave differently than it was designed. This is a dangerous slippery slope that will lead to abuse by nefarious parties. If controls no longer work as designed, any of them can be abused to do all kinds of dangerous things the user does not expect. Please find a better solution.
I'm not a professional developer, but it seems suffcient to me to popup a warning: "There are X file upload dialog box(s) on this page. If you do not see them all, there might hiiden ones intended to steal copies of your files. [ ]check this box to disable this warning for this page" OR after the form is submitted: "Uploading files can be a security risk and some files can be taken without you having typed them at the website. Please read carefully and verify the following list of files to authorize upload to http://www.actualuploadsite.com file001.xxx file002.xxx file003.xxx file004.xxx file005.xxx [looks good] [no I didn't authorize all of those files] [ ]check this box to disable this warning for actualuploadsite.com only" --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Chromium-discuss" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/chromium-discuss?hl=en -~----------~----~----~----~------~----~------~--~---
