Søren Kuklau wrote:
> On 4/4/2002 4:53 AM, Boris Zbarsky apparently wrote exactly the following:
>
>> Erik Arvidsson wrote:
>>
>>> How is that possible when the "Select file for upload" dialog is shown?
>>
>> It's not shown if the filename is just typed in the filename field

Yes: the thought of someone doing

<form>
<input type="file" value="c:\windows\outlook.pst" style="float: right; width: 0; height: 0; margin: 0;">
<!-- legitimate stuff -->
</form>

(hope I get that right) is rather unpleasant. [outlook.pst is where all your email gets stored if you use outlook on windows 95/98/Me.]

However it is not clear to me that disabling CSS on form elements is the best way of protecting against this.

> In this special case (a styled input type="file" plus a predefined
> value), we should alert the user.

I think that the best solution would be to issue an alert if the user submits the form, if the submitted value of the <input type="file"> equals the default value. Something like

"Submitting this form will cause the file <filename> to be uploaded. Are you sure?" [continue] [cancel]

Tim.
