|
-
Apr 20th, 2003, 01:30 PM
#1
Thread Starter
Hyperactive Member
setting file upload filename in script
The task is just simple...
<input type=file name="fileIn">
...
document.all['fileIn'].value = "anyfilenamegeneratedbyscript";
The problem is also simple ... value property is read-only.
How to upload such file?
-
Nov 20th, 2003, 11:57 AM
#2
Thread Starter
Hyperactive Member
Lets say the user allows FileScriptingObject to access the files. How could I then submit them with the form?
-
Nov 21st, 2003, 05:54 PM
#3
Let's say this was possible. Let's also say I know most computers store some sensitive information in a specific file.
Let's say I want this information.
Let's further say I write a page where JavaScript first writes this filename into the file input box and the submits the form via JavaScript. Then I lure you to visit the page.
See why it is read-only? If I ever look for a way to get around it then only in order to alert the browser author to this dangerous leak.
Even with FileScriptingObject you still couldn't upload the file in a proper way. You could probably open the file and fill the content in a hidden input.
But seriously, who is dumb enough to allow the instantiation of a FileScriptingObject, much more allow the scripting of it (it's marked as unsafe for scripting), via JavaScript?
That only applies to IE users of course, other browsers don't support ActiveX in the first place.
All the buzzt
 CornedBee
"Writing specifications is like writing a novel. Writing code is like writing poetry."
- Anonymous, published by Raymond Chen
Don't PM me with your problems, I scan most of the forums daily. If you do PM me, I will not answer your question.
-
Nov 22nd, 2003, 05:03 AM
#4
Thread Starter
Hyperactive Member
I know the reason why it is read-only, of course.
I am also considering to open the file and fill some form input. What I am asking for is if there is any way how to do it to interpret such input as a file one on the server side (just only to not complicate the server page algorithm).
I do not expect every user to allow FSO of course, moreover, it's a risk to allow uploading of a file which could harm the server as being processed (so it is to be allowed only for known users), but for example people wo wrote that program would allow to run it  which is enough.
(And btw., the task is to get a path from user, and send all files in it to the server.)
-
Nov 22nd, 2003, 05:14 AM
#5
There's no way to accomplish the input field being treated as a file.
All the buzzt
CornedBee
"Writing specifications is like writing a novel. Writing code is like writing poetry."
- Anonymous, published by Raymond Chen
Don't PM me with your problems, I scan most of the forums daily. If you do PM me, I will not answer your question.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|
Reply With Quote
