Posted by Randy Webb on 10/02/05 20:18
Jonathan N. Little said the following on 10/2/2005 11:28 AM:
> Randy Webb wrote:
> <snip>
>
>>> Well yes if the client has JavaScript disabled! ;-)
>>
>>
>>
>> It wouldn't work even with Javascript enabled.
>>
>
> Firstly, I am not saying the OP should do this, I think it is a bad
> idea. However are you saying that you cannot build a file list of local
> files using JavaScript and the file input? Because this simple code
> builds such a list....
>
> <code>
> <form>
> <textarea name='abc' rows=30 cols=50></textarea>
> <input type=file onchange="this.form.abc.value+=';' + this.value; return true;">
> </form>
> </code>
You can not programmatically set the value of an input type="file" using
Javascript. You can read its value, but, you can not set its value.
And in order to upload, you have to set its value.
>
>>> I would think you would need more JavaScript to enter list/array into
>>> a form input that would be passed to some server-side script to do
>>> the actual uploading...
>>
>>
>>
>> If what you are describing is possible in javascript, then anybody
>> could simply set the value of a hidden field to whatever file they
>> wanted off your PC and upload it automatically. That is not allowed
>> (and what you are describing) for that very reason. File inputs are
>> very limited in javascript context for a reason - security.
>>
>
> Now JavaScript cannot be used to upload files, but the list sent to a
> server-side script could use the list as a queue, right?
It would still take user interaction. But, if you set the file name
server-side and send the page back to the browser, it will not have the
file set in the type="file" input. Try it :)
Think about the implications if you could set it:
<form name="myForm">
<div style="display:none">
<input type="file" value="Whateverfileyouwantontheserver">
</div>
<input type="text" name="usersName">
.... more legitimate inputs ....
</form>
When the user submitted the form, you could get whatever file you
wanted off the users computer. That is a very huge security risk and
because of it, you can not set the value of a file input.
> Am I mistaken?
Yes.
> Again, I do not think this is a very good idea...purely
> curiosity and a 'what if' question.
Nothing wrong with curiosity :)
--
Randy
comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup weekly
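
Added example, not part of either poster's message: a small JavaScript probe of the restriction discussed in this thread, checking that a file input ignores a value="" attribute sent in markup and rejects a path assigned from script. The function name probeFileInput and the path string are constructed for illustration; current browsers are assumed to follow the HTML specification, which throws InvalidStateError on a non-empty assignment.

```javascript
// Added example: reports how a document treats attempts to preselect a file.
// `doc` is any DOM Document; in a browser console call probeFileInput(document).
function probeFileInput(doc) {
  const result = {};
  const path = "C:\\constructed\\path.txt"; // constructed sample value

  // 1. A value attribute in markup, as a server-side script would send it back.
  const holder = doc.createElement("div");
  holder.innerHTML = '<input type="file" value="' + path + '">';
  const fromMarkup = holder.firstChild;
  result.markupValue = fromMarkup.value;
  result.markupFiles = fromMarkup.files.length;

  // 2. Assigning a path from script.
  const input = doc.createElement("input");
  input.type = "file";
  try {
    input.value = path;
    // Older engines drop the assignment silently instead of throwing.
    result.scriptSet = input.value === "" ? "ignored" : "accepted";
  } catch (err) {
    result.scriptSet = "threw " + err.name;
  }
  result.scriptFiles = input.files.length;

  // 3. Clearing the selection is the one write that is permitted.
  result.clearAllowed = true;
  try {
    input.value = "";
  } catch (err) {
    result.clearAllowed = false;
  }

  // The restriction holds only if no route produced a selected file.
  result.safe = result.markupValue === "" && result.markupFiles === 0 &&
                result.scriptSet !== "accepted" && result.scriptFiles === 0;
  return result;
}

// Runs only where a DOM exists (browser console or page script).
if (typeof document !== "undefined") {
  console.log(probeFileInput(document));
}
```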