2.1.45 [W3C-HTML52] Section 126.96.36.199.17. File Upload state (type=file)
V0169: The file type does not properly secure the selected file
The specification states:
... File Upload state (type=file) … Example 485 For historical reasons, the value IDL attribute prefixes the file name with the string "C:\fakepath\". Some legacy user agents actually included the full path (which was a security vulnerability).
The input type=
file does not
properly secure the selected file nor obscure the local file location. It
obscures the file when it is submitted to the server.