On Tue, May 22, 2012 at 10:41 AM, Nico Weber <tha...@chromium.org> wrote: > Hi, > > The files attribute of the input element is currently marked readonly > [1], to protect from `myInput.files = "/etc/passwd"; myForm.submit()`. > Since its type is now FileList and not string, that's no longer > necessary. > > Making the attribute writable would allow setting the files property > of an input element to dataTransfer.files from a drop handler. For > example, I would like to use this to create a larger drop-target for a > file input. Here's one request for this functionality: > http://stackoverflow.com/questions/8006715/drag-drop-files-into-standard-html-file-input > > Can the readonly restriction be removed from the spec?
I don't think simply marking the attribute as writable is the correct solution here. At the very least we should make it possible to assign a sequence<File> to the attribute such that you can do: myInput.files = [file1]; But even a sequence<Blob> should be allowed IMO. One concern I have though is that this is pretty problematic UI-wise. Simply displaying the .name (if it's a file) property in the UI seems like a good way to scare people into thinking that they have attached something that they didn't. / Jonas
