Imagine if gmail employed this... lol.
On 7/18/06, Hill, Greg <grhill-W2hqgAdRMsX2eFz/2MeuCQ@public.gmane.org>
wrote:>
> >now, one thing js won''t let you do is set the value of the
file input
>
> Actually, there''s a proof-of-concept ''security''
issue about that. What
> you do is have a text input and add an onkeydown event that focuses the
> file input and an onkeyup that re-focuses the text input. Then you
> filter the input for characters in a certain order, and you can set the
> file input to be whatever you want. Of course, you''d have to
figure out
> some text input that would get them to type the file you wanted in the
> correct order (probably with extra garbage characters that are thrown
> away so as not to tip them off). Maybe do a really long captcha :)
>
> And the person writing about that was amazed that Mozilla hasn''t
fixed
> it yet.
>
> Greg
> _______________________________________________
> Rails-spinoffs mailing list
> Rails-spinoffs-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> http://lists.rubyonrails.org/mailman/listinfo/rails-spinoffs
>
_______________________________________________
Rails-spinoffs mailing list
Rails-spinoffs-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
http://lists.rubyonrails.org/mailman/listinfo/rails-spinoffs