user1431803
user1431803

Reputation:

File Upload and Security issues

i want to set the default value of input type file. I have searched a lot but every one says it is impossible due to security reason.

Is there any way that i set default value and when user upload file without navigating to it. It just prompt him that u r going to upload file from this location then only if user agrees then upload.

So no security conflicts. Please, tell me is there any API regarding this problem even in HTML5 or some sort of other solution.

in my case the user have to upload file from same location 500 time in a day he wants to set path once then next time it uploads from same location(previous one) Also what if i use java applet for this purpose

Upvotes: 1

Views: 206

Answers (3)

Andrew Thompson
Andrew Thompson

Reputation: 168825

A trusted Java applet could achieve the stated functionality.

But to save the user visiting the applet page 500 times a day, I would go with the suggestion of @fastreload and make it a (trusted) desktop application that is launched using Java Web Start (if it is a Java based app.).

Upvotes: 1

freefaller
freefaller

Reputation: 19953

As request by the OP (although fastreload has already stated this in his answer, and therefore I believe my answer to be unnecessary)...

Browsers block the setting of the value of an <input type="file"> control for very good security reasons. This includes both pre-setting of the value in the HTML (from something like PHP / ASP.NET / static HTML) and the setting via client-side JavaScript.

The reasons are clear... browsers cannot trust the authors of HTML. If they did, websites would be able to upload any file from the local computer without the users permission.

You could use an ActiveX control (OCX) or a Java Applet to achieve this, but it will still require the user to approve the installation of it.

I will also add what has been mention a couple of time in comments, that a user being expected to upload a file "500 times a day"(!!) sounds like an exceedingly bad piece of design. Consider instead building an application (non-web, just normal desktop) that can be installed on the client machine to upload the file in question.

Upvotes: 1

Umur Kontacı
Umur Kontacı

Reputation: 35478

Nope, still security issue. Browsers do not even let you open a file dialog via javascript.

Upvotes: 3

Related Questions