Security and Privacy Concerns
Form data can contain sensitive information. What’s more, it can be initialized with a file URI scheme, which has the capability of pulling data from the hard drive of anyone who loads a form. Combine this with an XML Events-powered submit that occurs as a part of form loading, and you have the potential for a serious privacy breach. Using the file scheme, a hostile XForms document could also potentially overwrite files on the hard drive of the person viewing the document.
Browser vendors over the years have gradually learned their lessons and incorporated restrictions in their products to prevent these kinds of abuses. Still, an important part of authoring an XForms solution is to stop and think about what could go wrong, and testing is a key part of that process.