]> intraplanar.net - CSS http://www.intraplanar.net/taxonomy/term/11/0 Cascading stylesheet topics en CSS input opacity exploit http://www.intraplanar.net/node/26 <p>Peter-Paul Koch recently published an <a href="http://www.quirksmode.org/dom/inputfile.html">article</a> on <a href="http://www.quirksmode.org/">Quirksmode.org</a> explaining how to use the CSS3 "opacity" style (or equivalent proprietary opacity styles) to change the appearance of file input form fields. While the technique presented in the article might appeal to designers, it also demonstrates a security vulnerability which apparently exists in most modern browsers and which should be fixed.</p> <p>The article explains how the text box and browse button elements of a <span style="font-family:monospace;white-space:nowrap;">&lt;input type="file"&gt;</span> form element can be replaced with similar graphics. The problem is that a malicious webpage could easily replace the input with a different kind of graphic, one which could deceive the user into unknowingly uploading a file.</p> Mon, 13 Sep 2004 21:00:21 -0500