2.1.45 [W3C-HTML52] Section 4.10.5.1.17. File Upload state (type=file)

V0169: The file type does not properly secure the selected file

The specification states:

 ... File Upload state (type=file)
     …
     Example 485
  
     For historical reasons, the value IDL attribute prefixes the file name with the 
     string "C:\fakepath\". Some legacy user agents actually included the full path (which 
     was a security vulnerability).

EdgeHTML Mode

The input type=file does not properly secure the selected file nor obscure the local file location. It obscures the file when it is submitted to the server.