On Oct 02, 2008, at 18:50 , Nick Belaevski wrote: > <form action="http://somesite.com"><input type="file" /><input > type="submit" /></form> > > I suppose it is not safe that the user is possible to type in forms. Why not? Your browser can send whatever forms it wants to whatever site.