...

View Full Version : how to set a value to a file input



tvbas
07-12-2005, 03:59 AM
it is not work properly.


<html>
<head>
<title>BinaryRead</title>
</head>
<script>
function attach()
{
frmSend.attach1.value = "C:\\kzhang\\book\\DHTML.chm"
alert(frmSend.attach1.value)
}
</script>
<body>
<form name="frmSend" method="POST" enctype="multipart/form-data" action="BinaryRead.asp" onSubmit="attach()">
File 1: <input name=attach1 type=file size=35><br>
File 2: <input name=attach2 type=file size=35><br>
File 3: <input name=attach3 type=file size=35><br>
File 4: <input name=attach4 type=file size=35><br>
<br>
<input style="margin-top:4" type=submit value="Upload">
</form>
</body>
</html>

A1ien51
07-12-2005, 04:26 AM
You can not set the file for security reasons. Imagine going to a website that has a form, it grabs a copy of a file on your computer that contains passwords and sends it to their site. Not good.

Eric

tvbas
07-13-2005, 02:44 AM
I want to upload automatically without select the path on web,Anyone can give me some suggestions.some tools can do any help?

A1ien51
07-13-2005, 02:49 AM
You are talking about a major security violation

tvbas
07-13-2005, 05:17 AM
but the customers want it that only application can do

glenngv
07-13-2005, 05:44 AM
Explain to them that it's not possible and that it's a major security violation. Although it's possible with Netscape/Firefox but a prompt will be displayed to ask for permission to the user.

tvbas
07-13-2005, 06:03 AM
ActiveX seems to do some helps.where can i get it.

glenngv
07-13-2005, 06:21 AM
I was talking about signed scripts for Netscape/Firefox that allows setting default value to file input field. I don't know if there's an equivalent ActiveX for IE.

glenngv
07-13-2005, 07:09 AM
This is how you do it in Netscape and Firefox.

function attach()
{
if (netscape && netscape.security) netscape.security.PrivilegeManager.enablePrivilege("UniversalFileRead");
document.frmSend.attach1.value = "C:\\kzhang\\book\\DHTML.chm"
}
A security prompt will be displayed to give user full control to allow or deny the requested enhanced privileges.

enumerator
07-13-2005, 09:19 AM
There is a Microsoft ActiveX control (as of XP, at least) which mimics the input file element (and permits setting the value). It is undocumented, and not marked safe for scripting, however, so it will only work if the user explicitely allows it by setting your domain to the trusted sites security zone.

jbot
07-13-2005, 10:26 AM
It is undocumented, and not marked safe for scripting, however, so it will only work if the user explicitely allows it by setting your domain to the trusted sites security zone.

Personally, I think any site which required me to add it to IE's trusted sites security zone is well worth avoiding. It sort of says, "I'm gonna hack your computer, but I can be trusted because I say so." Not good.

IIRC, most XP SP2 machines have the security zone in IE set to high, and therefore the ActiveX won't work. Also, most users won't know how to change their security settings, so it will be lost on them.

enumerator
07-13-2005, 10:32 AM
That's what it's for: trusted sites... "I trust you", or "I trust myself to allow this, because it was my idea".

Anyway, this can also be done with IWshShell.SendKeys(), if the operation is explicitely permitted by the user/owner.

jbot
07-13-2005, 11:02 AM
That's what it's for: trusted sites... "I trust you", or "I trust myself to allow this, because it was my idea".

yes, I'm aware of that. but my point was that anyone could create [a site] with malicious content, yet make it appear to be legitimate and instruct the users to include the site in their trusted sites list. many users would unwittingly obey this because they wouldn't understand the difference. a little social engineering of the sort used by phishers could probably achieve this.

enumerator
07-13-2005, 11:14 AM
I don't think most people would unwittingly jump through security hoops. The same goes for FF; safeguards are in place (perhaps not quite as many). It's impossible for all practical purposes, but also necessary in some cases.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum