Re: Making file control text editor readonly
Justin Wood (Callek) wrote:
> p.s. Why is no-one honoring the Followup-To of n.p.m.security?

Actually, you're the only one who's set any follow-up of the posts I have, and I've not seen any replies to any of your messages. I'm not even going to see *this* reply, so don't get too stuck-up about follow-ups.

--
James Ross [EMAIL PROTECTED]
ChatZilla Developer

___
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security
Re: Making file control text editor readonly
On 08/07/05 23:43, Mats Palmgren wrote:
> roc wrote:
>> Why can't you open the file browser and paste the URL in there?
>
> The native file picker which we use in trunk GTK2 builds does not have a text field. The general UI design of that thing is just a disaster. It's also painfully slow on directories with many files, I often see delays for 10-20 seconds before it even appears on screen! It's so crappy we should stop using it IMO.
>
> /Mats

Yes, the other one that used to be used is much nicer.

(Followup-to set to netscape.public.mozilla.ui. Why did this thread have to be posted to four groups with no followup-to?)

--
Replace the point in my email address with a period to reply. ;-)
Re: Making file control text editor readonly
That's an argument for fixing bug 111821, not an argument against making the textbox read-only.
Re: Making file control text editor readonly
Why can't you open the file browser and paste the URL in there?

Rob
Re: Making file control text editor readonly
roc wrote:
> That's an argument for fixing bug 111821, not an argument against making the textbox read-only.

Or at least an argument for fixing bug 111821 before making the textbox read-only.

--
Warning: May contain traces of nuts.
Re: Making file control text editor readonly
roc schrieb:
> Why can't you open the file browser and paste the URL in there?

Because it needs two clicks and several mouse movements more?

Robert Kaiser
Re: Making file control text editor readonly
Robert Kaiser wrote:
> roc schrieb:
>> Why can't you open the file browser and paste the URL in there?
>
> Because it needs two clicks and several mouse movements more?
>
> Robert Kaiser

Not to mention if for accessibility reasons you use the mouse for copy/paste. (A simple right-click in the text-box + paste, vs. click to open the file-picker, (wait if slow system for directory enumeration), right click in THAT text-box and paste, then click to close the file-picker with the new value...) Just seems like WAAAY too much work.

~Justin Wood (Callek)

p.s. Why is no-one honoring the Followup-To of n.p.m.security?
Re: Making file control text editor readonly
roc wrote:
> Why can't you open the file browser and paste the URL in there?

The native file picker which we use in trunk GTK2 builds does not have a text field. The general UI design of that thing is just a disaster. It's also painfully slow on directories with many files, I often see delays for 10-20 seconds before it even appears on screen! It's so crappy we should stop using it IMO.

/Mats
Re: Making file control text editor readonly
[EMAIL PROTECTED] wrote:
> In https://bugzilla.mozilla.org/show_bug.cgi?id=258875 I propose making the text control in a file input be readonly. This will prevent various kinds of spoofing attacks, but it may affect usability. Any objections/counterproposals?

I like jruderman's idea from bug 57770 much better. He proposes to show a warning dialog before uploading any files that have been selected via the text control. See here: https://bugzilla.mozilla.org/attachment.cgi?id=17860 or here: https://bugzilla.mozilla.org/show_bug.cgi?id=57770#c31
Re: Making file control text editor readonly
[EMAIL PROTECTED] schrieb:
> In https://bugzilla.mozilla.org/show_bug.cgi?id=258875 I propose making the text control in a file input be readonly. This will prevent various kinds of spoofing attacks, but it may affect usability. Any objections/counterproposals?

Actually, I also like being able to do what heikki wrote in a different reply... I guess the security concern is automatically entering a file name in the box with a script - what about inventing something that manual editing by the user is possible but automated changes via a script aren't, if that's possible at all? Requiring something with chrome privs (file dialog, eventually routing keyboard input and mouse/keyboard pasting through something setting those) to change the content of the field?

It's sometimes quite practical to copy the path from somewhere (other app or other file control) and just paste it into the file control, eventually changing a letter or number there manually afterwards... If we just can make sure the user did the action himself and not had some page-bound script doing it, then we should be fine, I think...

Robert Kaiser
Re: Making file control text editor readonly
Robert Kaiser wrote:
> [EMAIL PROTECTED] schrieb:
>> In https://bugzilla.mozilla.org/show_bug.cgi?id=258875 I propose making the text control in a file input be readonly. This will prevent various kinds of spoofing attacks, but it may affect usability. Any objections/counterproposals?
>
> Actually, I also like being able to do what heikki wrote in a different reply... I guess the security concern is automatically entering a file name in the box with a script - what about inventing something that manual editing by the user is possible but automated changes via a script aren't, if that's possible at all? Requiring something with chrome privs (file dialog, eventually routing keyboard input and mouse/keyboard pasting through something setting those) to change the content of the field?

Actually, it isn't. Currently web pages *can't* change the value of a file upload control without the UniversalFileRead privilege.

> It's sometimes quite practical to copy the path from somewhere (other app or other file control) and just paste it into the file control, eventually changing a letter or number there manually afterwards... If we just can make sure the user did the action himself and not had some page-bound script doing it, then we should be fine, I think...

See https://bugzilla.mozilla.org/attachment.cgi?id=17860 from bug 57770 (https://bugzilla.mozilla.org/show_bug.cgi?id=57770). The problem is that the *user* did all the interaction with the form, and still managed to attempt an upload of a system file (whether the code should be able to *read* the value is another question, but I suspect there is some long and silly history about allowing that).

--
James Ross [EMAIL PROTECTED]
ChatZilla Developer
Re: Making file control text editor readonly
James Ross wrote:
> whether the code should be able to *read* the value is another question, but I suspect there is some long and silly history about allowing that

Maybe make it so that the page can only read the value if it was chosen via the filepicker?

--
Warning: May contain traces of nuts.
Re: Making file control text editor readonly
Robert Kaiser wrote:
>> See https://bugzilla.mozilla.org/attachment.cgi?id=17860 from bug 57770 (https://bugzilla.mozilla.org/show_bug.cgi?id=57770). The problem is that the *user* did all the interaction with the form, and still managed to attempt an upload of a system file (whether the code should be able to *read* the value is another question, but I suspect there is some long and silly history about allowing that).
>
> The real problem I see there is that the doc can trigger a submit before I even unfocus the file control. That should never be possible IMO, as I should be able to realize what I've typed in before I send it to a server.
>
> Robert Kaiser

A solution to that would be to set a flag (preventing automatic submission) of a form when a file control is being edited. This may get complicated by a user leaving focus on the file control and trying to submit, but I am sure something can be worked out from that.

~Justin Wood (Callek)
Re: Making file control text editor readonly
Neil wrote:
> James Ross wrote:
>> whether the code should be able to *read* the value is another question, but I suspect there is some long and silly history about allowing that
>
> Maybe make it so that the page can only read the value if it was chosen via the filepicker?

Why? If I know the correct path to a file I want to upload, I will NOT expect it to create an error for me if I try to type in the path to the file in the text-box. Invoking an enumerator for any directory on my system is much more costly (processor/HD use) than simply entering in a known path.

~Justin Wood (Callek)
Re: Making file control text editor readonly
> See https://bugzilla.mozilla.org/attachment.cgi?id=17860 from bug 57770 (https://bugzilla.mozilla.org/show_bug.cgi?id=57770). The problem is that the *user* did all the interaction with the form, and still managed to attempt an upload of a system file (whether the code should be able to *read* the value is another question, but I suspect there is some long and silly history about allowing that).

The real problem I see there is that the doc can trigger a submit before I even unfocus the file control. That should never be possible IMO, as I should be able to realize what I've typed in before I send it to a server.

Robert Kaiser
Re: Making file control text editor readonly
[EMAIL PROTECTED] wrote:
> In https://bugzilla.mozilla.org/show_bug.cgi?id=258875 I propose making the text control in a file input be readonly. This will prevent various kinds of spoofing attacks, but it may affect usability. Any objections/counterproposals?

Please don't - or make it an option to restore the old behavior if you do. Some web interfaces where you can upload photos (Shutterfly or some other service I've used) will present you a bunch of file input controls. The way I use these (and I imagine many others do as well) is by first using the browse button for the first one, then copy and paste for the others and change the file name (typically just one character in digital images I've taken).

Hmm... maybe even make it so that it is read-only by default, but if you notice someone trying to edit the value, pop up a dialog and ask if they would like to enable editing them for this page.

--
Heikki Toivonen
Making file control text editor readonly
In https://bugzilla.mozilla.org/show_bug.cgi?id=258875 I propose making the text control in a file input be readonly. This will prevent various kinds of spoofing attacks, but it may affect usability. Any objections/counterproposals?

Rob