ma sai che io non ho mai visto l'oggetto dileupload? mi posti il codice del form che la cosa mi incuriosisce?

comunque da manuale javascript:

codice:
untaint    
Removes tainting from a data element or script. Client-side function
 
 
Implemented in
 JavaScript 1.1


 


Syntax  
untaint([dataElementName])
Parameters 
dataElementName
 The property, variable, function, or object to remove tainting from. If omitted, taint is removed from the script itself.
 


Description  
untaint is a top-level function and is not associated with any object.

Tainting prevents other scripts from passing information that should be secure and private, such as directory structures or user session history. JavaScript cannot pass tainted values on to any server without the end user's permission.

Use untaint to clear tainting that marks data that should not to be sent by other scripts to different servers.

A script can untaint only data that originated in that script (that is, only data that has the script's taint code or has the identity (null) taint code). If you use untaint with a data element from another server's script (or any data that you cannot untaint), untaint returns the data without change or error.

In some cases, control flow rather than data flow carries tainted information. In these cases, taint is added to the script's window. You can remove taint from the script's window by calling untaint with no arguments, if the window contains taint only from the current window. 

untaint does not modify its argument; instead, it returns an unmarked copy of the value, or, for objects, an unmarked reference to the value.

Examples  
The following statement removes taint from a property so that a script can send it to another server:

untaintedStatus=untaint(window.defaultStatus)// untaintedStatus can now be sent in a URL or form post by other// scripts

See also 

navigator.taintEnabled, taint