Severity
Less severe
Description
When a file is selected in a file upload input, the path to that file is not exposed through the input’s value property. This is done to protect any sensitive information which may be contained in the directory names. When manipulated by DOM this information should also not be exposed. Certain DOM manipulations may be used to bypass this restriction, and can reveal the full file path.
Opera’s response
Opera Software has released Opera 10.54 for Windows and Mac, and Opera 10.60 for Linux and FreeBSD, where this issue has been fixed.