|Subject:||HTML::Form Security problem|
(Sorry, my English is poor.) HTML::Form->parse accepts '<input type="file" value="/usr/bin/passwd">'. Therefore, HTML::Form accesses this file when a form is submited before we notice it. parse method should not accept an initial value of type="file" so that much Web browsers are so.