[koichirose]

I guess this wouldn't replace proper server side validation anyway, but it would be a nice addition.

[gkoberger]

None of HTML's new form attributes replace server side validation (which is annoying since you end up repeating code and having slight differences), however it's a good start.

With CORS and CSRF tokens, it would cut down on accidental issues – which for most sites is a bigger deal than malicious activity.

[duskwuff]

In that sense, it'd be a perfect analogue to the "maxlength" attribute on text inputs. (In fact, I wonder if it'd be sufficient to just make that attribute apply to file inputs as well...)

[edent]

Yeah, exactly. It just prevents people from uploading ridiculously large files which have no hope of completing.

[BinaryIdiot]

Well you can check file sizes in JavaScript before upload so you can do this already.

[acveilleux]

Yep, browsers could serve up a warning instantly.