at the above URL, I suggest to mention that the validator only becomes effective
AFTER the upload has been completed.
When testing the bounday, I had no problems uploading 110k of data into a field
configured to hold only 100 characters.
Not particularly Denial-of-Service Attack resistant.
As a side note - when loading 110 K into a simple text form field, my two weeks
old Mozilla build no longer displays any "ink", but just whitespaces.
Upon the error, struts sends the humongeous string value back as
<input name="forename" size="75" tabindex="1" value= type="text">
Obviously, the whitespace is a lot longer. When trying to hilight the value=...
all of a sudden, the content becomes visible...