setting file upload filename in script

The task is just simple...


<input type=file name="fileIn">

...

document.all['fileIn'].value = "anyfilenamegeneratedbyscript";


The problem is also simple ... value property is read-only.


How to upload such file?

Lets say the user allows FileScriptingObject to access the files. How could I then submit them with the form?

Let's say this was possible. Let's also say I know most computers store some sensitive information in a specific file.

Let's say I want this information.

Let's further say I write a page where JavaScript first writes this filename into the file input box and the submits the form via JavaScript. Then I lure you to visit the page.

See why it is read-only? If I ever look for a way to get around it then only in order to alert the browser author to this dangerous leak.

Even with FileScriptingObject you still couldn't upload the file in a proper way. You could probably open the file and fill the content in a hidden input.

But seriously, who is dumb enough to allow the instantiation of a FileScriptingObject, much more allow the scripting of it (it's marked as unsafe for scripting), via JavaScript?

That only applies to IE users of course, other browsers don't support ActiveX in the first place.

I know the reason why it is read-only, of course.

I am also considering to open the file and fill some form input. What I am asking for is if there is any way how to do it to interpret such input as a file one on the server side (just only to not complicate the server page algorithm).

I do not expect every user to allow FSO of course, moreover, it's a risk to allow uploading of a file which could harm the server as being processed (so it is to be allowed only for known users), but for example people wo wrote that program would allow to run it ;) which is enough.

(And btw., the task is to get a path from user, and send all files in it to the server.)

There's no way to accomplish the input field being treated as a file.