[EMAIL PROTECTED] wrote: > In https://bugzilla.mozilla.org/show_bug.cgi?id=258875 I propose making > the text control in a file input be readonly. This will prevent various > kinds of spoofing attacks, but it may affect usability. Any > objections/counterproposals?
I like jruderman's idea from bug 57770 much better. He proposes to show a warning dialog before uploading any files that have been selected via the text control. see here https://bugzilla.mozilla.org/attachment.cgi?id=17860 or here https://bugzilla.mozilla.org/show_bug.cgi?id=57770#c31 _______________________________________________ Mozilla-security mailing list Mozilla-security@mozilla.org http://mail.mozilla.org/listinfo/mozilla-security
