[thelist] Local path of uploaded file
ben morrison
morrison.ben at gmail.com
Wed Oct 28 11:03:43 CDT 2009
On Wed, Oct 28, 2009 at 1:24 PM, Lee Kowalkowski
<lee.kowalkowski at googlemail.com> wrote:
> 2009/10/28 Roel Mulder <roel.mulder at gmail.com>:
>> My question is: how do I keep the local path + file name in the <input
>> type="file" /> input field?
>
> It's not possible, otherwise, an attacker would be able to craft a
> form that automatically submits and uploads files against a victim's
> knowledge.
>
> You should try to match your validation in JavaScript if possible to
> help prevent this situation.
Indeed, or validate everything else first, it's no biggie, we are all used to it.
There may be a Flash uploader that gets around it... maybe not
ben
--
Ben Morrison