I'm trying to validate a form's file input elements using javascript, but
I'm getting nowhere. How can javascript test if a file has been selected
using a file form input element?
--
Ed Jay (remove 'M' to respond by email)
7  4593 
On Tue, 10 Apr 2007 21:43:06 -0700
Ed Jay <ed***@aes-intl.comwrote:
I'm trying to validate a form's file input elements using javascript,
but I'm getting nowhere. How can javascript test if a file has been
selected using a file form input element?
I expect a javascript newsgroup would know.
But any javascript access to filesystem information would be a
gaping security hole in a browser.
--
Nick Kew
Application Development with Apache - the Apache Modules Book http://www.apachetutor.org/
Nick Kew scribed:
>On Tue, 10 Apr 2007 21:43:06 -0700
Ed Jay <ed***@aes-intl.comwrote:
>I'm trying to validate a form's file input elements using javascript,
but I'm getting nowhere. How can javascript test if a file has been
selected using a file form input element?
I expect a javascript newsgroup would know.
They didn't respond to the question, so apparently, they don't know.
I'll rephrase the question: How can one client side test whether or not a
file has been selected using the file input element?
>
But any javascript access to filesystem information would be a
gaping security hole in a browser.
I'm not sure it's involuntarily accessing the file system. The user selects
a filename...I would think there's some client-side manner to ascertain what
the filename selected is, or whether one was selected at all. It's trivial
to do it serverside.
--
Ed Jay (remove 'M' to respond by email)
Ed Jay <ed***@aes-intl.comwrites:
I'm not sure it's involuntarily accessing the file system. The user selects
a filename...I would think there's some client-side manner to ascertain what
the filename selected is, or whether one was selected at all. It's trivial
to do it serverside.
That's not necessarily true. The web browser sends a comment that
usually looks somewhat like a filename, yes, but it needn't be the
filename that the file had on the user's filesystem (indeed, in some
cases with automated HTTP requests, the file may never actually exist
on any filesystem).
Certainly major browsers differ in whether the full filesystem path is
sent to the server or not, for example.
As far as client-side security goes: http://www.securityfocus.com/archive...0/150/threaded
is an interesting bug that involved messing around with browser focus
to get the user to upload a file of your choice to you. Consider how
much easier that would have been to exploit if Javascript had direct
access to the contents of the file field and it's understandable that
browsers generally don't (unfortunately at the time that bug was
reported they hadn't considered that they shouldn't let you focus a
file field either).
--
Chris
Chris Morris scribed:
>Ed Jay <ed***@aes-intl.comwrites:
>I'm not sure it's involuntarily accessing the file system. The user selects
a filename...I would think there's some client-side manner to ascertain what
the filename selected is, or whether one was selected at all. It's trivial
to do it serverside.
That's not necessarily true. The web browser sends a comment that
usually looks somewhat like a filename, yes, but it needn't be the
filename that the file had on the user's filesystem (indeed, in some
cases with automated HTTP requests, the file may never actually exist
on any filesystem).
It's absolutely true in my specific case.
My users focus a camera image on-screen and press a key that takes a
snapshot of the screen and auto-saves the image to a known folder. They can
snap/save from one to up to five screens...it's arbitrary. The user is given
'n' file input elements and asked to select the files for uploading.
Example: The user snaps/saves three screens, so three file input elements
are printed. When the user is finished, he presses a button and the form is
submitted to a server side script (CGI) that uploads the files. The issue
may arise when the user inadvertently submits the form without selecting all
files for uploading.
I can test for an empty file form element name at the server side script,
but I want to do it client side, before the form is submitted to the server.
>
Certainly major browsers differ in whether the full filesystem path is
sent to the server or not, for example.
Irrelevant, or at least unimportant in my specific case.
>
As far as client-side security goes:
http://www.securityfocus.com/archive...0/150/threaded
is an interesting bug that involved messing around with browser focus
to get the user to upload a file of your choice to you. Consider how
much easier that would have been to exploit if Javascript had direct
access to the contents of the file field and it's understandable that
browsers generally don't (unfortunately at the time that bug was
reported they hadn't considered that they shouldn't let you focus a
file field either).
--
Ed Jay (remove 'M' to respond by email)
Scripsit Ed Jay:
>I expect a javascript newsgroup would know.
They didn't respond to the question, so apparently, they don't know.
You didn't get an answer that you liked, so you moved to a group where the
question is surely off-topic and didn't even tell about having asked
elsewhere. Do you want to get plonked?
I'll rephrase the question: How can one client side test whether or
not a file has been selected using the file input element?
It's still off-topic here.
--
Jukka K. Korpela ("Yucca") http://www.cs.tut.fi/~jkorpela/
Jukka K. Korpela scribed:
>Scripsit Ed Jay:
>>I expect a javascript newsgroup would know.
They didn't respond to the question, so apparently, they don't know.
You didn't get an answer that you liked
What part of 'they didn't respond' do you not understand?
>, so you moved to a group where the
question is surely off-topic and didn't even tell about having asked
elsewhere. Do you want to get plonked?
If your post is an indication of how you typically respond...witho ut
answering the question, but castigating instead...pleas e feel free to plonk
me.
>
>I'll rephrase the question: How can one client side test whether or
not a file has been selected using the file input element?
It's still off-topic here.
I disagree. I was asking about a specific HTML element, no?
At any rate, you answered my question in
<http://www.cs.tut.fi/~jkorpela/forms/file.html>. Thanks.
--
Ed Jay (remove 'M' to respond by email)
Ed Jay wrote:
I disagree. I was asking about a specific HTML element, no?
No. You were asking about how to write JavaScript. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Peter Hansen |
last post by:
The term "mock filesystem" refers to code allowing unit
or acceptance tests to create, read and write, and manipulate
in other ways "virtual" files, without any actual disk
access. Everything is held in memory and therefore fast,
without risk of damaging real files, and with none of the
messiness of leftover files after testing.
Googling the archives and the web suggests that only I and
Remy Blank have done much along these lines. I...
|
by: Brian van den Broek |
last post by:
Hi all,
I'm just starting to employ unit testing (I'm using doctest), and I am
uncertain how to handle writing tests where the behaviour being tested
is dependant on whether certain file paths point to actual files.
I have a class which takes, in its __init__, a list of file paths to
process. The class has a method to validate that the paths passed in
are appropriate ones for the class. One portion of the validation code
ensures that...
|
by: Andrew |
last post by:
Hi,
I am thinking about ways for efficient techniques for isolation testing.
Here is the problem as I see it:
Complex OO systems are designed with massive number of dependencies between
modules and classes. In most cases these dependencies end-up in external
systems such as databases and OS. Overhead in designing systems with "could
be stubbed" in mind is great, so in many cases dropped.
I would appreciate if anyone interested in this...
|
by: lihua |
last post by:
Hi, Group!
I got one question here:
We all know that fclose() must be called after file operations to
avoid unexpected errors.But there are really cases when you forget to
do that!Just
like what happens in memory operations, everyone knows the importance
of
freeing the allocated memory, but there do have memory leaks from time
to
|
by: David Warner |
last post by:
Greetings!
I am working on a C app that needs to read print files generated by lp
that contain HP LaserJet PCL codes. If the PCL contains binary data to
define a bit map to be printed on the page, either icon or soft-font
download, the EOF test ends prematurely and does not read the entire
file. How do I get around testing for EOF and not detect the EOF value
within the file? Am I missing something?
More Data:
| | |
by: Cybex |
last post by:
I am taking a C++ class and would like to use a Linux based IDE vs C+
+ .Net but I am a little lost in how to go about this. I think that
the IDE and compilation tools are separate under Linux. I have tried
to take code written and tested under C++ .Net and tried compiling it
in Linux via gcc but I keep getting errors.
The code:
#include <iostream>
using namespace std;
|
by: David |
last post by:
Hi list.
What strategies do you use to ensure correctness of new code?
Specifically, if you've just written 100 new lines of Python code, then:
1) How do you test the new code?
2) How do you ensure that the code will work correctly in the future?
Short version:
|
by: Matthew Fitzgibbons |
last post by:
I'm by no means a testing expert, but I'll take a crack at it.
Casey McGinty wrote:
I've never run into this.
Rule of thumb: always separate software from hardware. Write mock
classes or functions that do your hardware/file access that always
return known data (but remember to test for alpha and beta errors--make
sure both valid and invalid data are handled correctly). That way you
can test the client code that is accessing the...
|
by: CSharper |
last post by:
In my solution, I seperate the code into one project and test into
another project (NUnit). Now, in one of my test class, I need to
reference a file. This file can not be created on the fly and it has
to be added to the test project and during the testing, I need to load
them from project file and use it for testing. This makes the testing
easy since there will be no external dependency. My question is, how
could I achive this? or is there...
|
by: Brendan Miller |
last post by:
What would heavy python unit testers say is the best framework?
I've seen a few mentions that maybe the built in unittest framework
isn't that great. I've heard a couple of good things about py.test and
nose. Are there other options? Is there any kind of concensus about
the best, or at least how they stack up to each other?
Brendan
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| | |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
| | |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
|
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
