Re: Security & draft-ietf-html-fileupload-01.txt

Larry Masinter (masinter@parc.xerox.com)
Fri, 16 Dec 94 19:52:40 EST

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: David - Morris: "Re: HTML3 tables"
Previous message: Form: Memo: "...no subject..."
Maybe in reply to: Richard L. Harris: "Security & draft-ietf-html-fileupload-01.txt"

At the HTML working group where we discussed this, the main 'security
considerations' issue had to do with recommending that the
HTML-interpreting-agent should not accept a file name for transmission
to the ACTION URL that hadn't been confirmed by the user.

If you had other security considerations that you thought needed to be
addressed, please let me know; otherwise, I think they're the same for
'forms that return data from files' and 'forms that return data'.

Next message: David - Morris: "Re: HTML3 tables"
Previous message: Form: Memo: "...no subject..."
Maybe in reply to: Richard L. Harris: "Security & draft-ietf-html-fileupload-01.txt"