Published on 2006-06-10 08:49:12
A JavaScript flaw related to the file input box has been reported to Secunia. According to the security advisory, "The vulnerability is caused due to a design error where a script can cancel certain keystroke events when entering text. This can be exploited to trick a user into typing a filename in a file upload input field by changing focus and cancel the "OnKeyPress" JavaScript event on certain characters."
The bug affects both IE 6/7 and Mozilla, and even though it is rated less critical, it could be exploited by malicious people to trick users into disclosing sensitive information. The ways to avoid this bug are to disable JavaScript or to avoid visiting untrusted web sites.
Member of the PHP Magazine Network, Copyright (C) 2005-2008 phpmagazine.net All Rights Reserved