[EMAIL PROTECTED] wrote: > In https://bugzilla.mozilla.org/show_bug.cgi?id=258875 I propose making > the text control in a file input be readonly. This will prevent various > kinds of spoofing attacks, but it may affect usability. Any > objections/counterproposals?
Please don't - or make it an option to restore the old behavior if you do. Some web interfaces where you can upload photos (Shutterfly or some other service I've used) will present you a bunch of file input controls. The way I use these (and I imagine many others do as well) is by first using the browse button for the first one, then copy and paste for the others and change the file name (typically just one character in digital images I've taken). Hmm... maybe even make it so that it is read-only by default, but if you notice someone trying to edit the value, pop up a dialog and ask if they would like to enable editing them for this page. -- Heikki Toivonen _______________________________________________ Mozilla-security mailing list Mozilla-security@mozilla.org http://mail.mozilla.org/listinfo/mozilla-security