Re: Local "action" in Forms?

Guy Singh (
Tue, 2 Aug 94 15:41:54 BST

We've done this for a customized solution, but there are problems
for implementing this generically.

Security is the main issue. i.e. there is nothing stopping people
writing html docs with dangerous commands as their ACTION field.

One of our new products has a well known browser(dare I say it... Mosaic)
built into it as help engine/WWW navigator. We needed this local
form processing capability. So we have restricted this to only
allow calls to 'safe' binaries shipped with the products.

However I don't see this as a good solution, it was the best fit
for the timescales we were working to. To tackle the generic solution
we first of all need to define what the aims of local processing
are. I think we should be using local processing in a way that
does not involve filesystem access if we want security. The processing
could be done via a scripting language within the HTML document.

e.g. If the user selects two list items, a third item is set automatically.

The scripting language could allow return of an HTML doc created
on the fly, or via a URL ref. So you could reference things on your
CD based system.

This is an interesting area of discussion, I know the HTML 2/3/x authors
must be addressing it.

Frank Majewski writes:
>>does anybody know WHY it is not possible to say something like:
>>'<form method=GET action="file://localhost/....someprograme">'
>>Yes, I know, normally FORMS *need* a server, but that's exactly what
>>I *don't* want because I can't use it on a CD (and I want to make it
>>Thank's for your time!


_ __ __ _ __________________________________________________________ | |\ / /| | Guy Singh IXI Limited Email: | | / / | | Development Vision Park Tel : +44 223 236555 |_|/_/_\|_| Cambridge UK FAX : +44 223 236466