Prevent a Paste of a Filename in an Input Type=File

I rarely crosspost, but this affects both ASP and Javascript

REALLY odd bug that I ran across in ASP 3.0. I have an input type of
file, user clicks browse, then places his cursor in the filename, puts
a space at the end of the file, and uploads it. Web server doesn't
translate the MIME type of document properly because it doesn't end
with a valid extension, yet the file itself uploads successfully. I'm
using SAFileUP for my uploading component.

So I now return a FALSE in an ONKEYPRESS event, which prevents the
user from entering a space at the end of the file (why he does this is
beyond me, but I'm trying to idiot proof this thing).

Problem is, the ONKEYPRESS doesn't prevent a Paste of a string into
the field, so it's still technically possible to munge the filename.
Blurring the control on a focus or setting it to disabled doesn't work
because it makes the Browse button unfunctional.

Platform: IE6.

Any ideas?

Feb 8 '07 #1
On Feb 8, 12:23 pm, "Larry Bud" <larrybud2...@yahoo.com> wrote:
> I rarely crosspost, but this affects both ASP and Javascript
>
> REALLY odd bug that I ran across in ASP 3.0. I have an input type of
> file, user clicks browse, then places his cursor in the filename, puts
> a space at the end of the file, and uploads it. Web server doesn't
> translate the MIME type of document properly because it doesn't end
> with a valid extension, yet the file itself uploads successfully. I'm
> using SAFileUP for my uploading component.
>
> So I now return a FALSE in an ONKEYPRESS event, which prevents the
> user from entering a space at the end of the file (why he does this is
> beyond me, but I'm trying to idiot proof this thing).
>
> Problem is, the ONKEYPRESS doesn't prevent a Paste of a string into
> the field, so it's still technically possible to munge the filename.
> Blurring the control on a focus or setting it to disabled doesn't work
> because it makes the Browse button unfunctional.
>
> Platform: IE6.
>
> Any ideas?

DON'T try to do anything with file upload input field in Javascript, it
may not work. (Just use VB server side code to trim out the spaces in
the filename you get.)

since a malicious JS can upload whatever files it wants, just by
changing the path in the File upload field,
one cannot change .value on it in JS and I believe there are constraints
on what can be done with key events too.

Feb 8 '07 #2
On Feb 8, 12:32 pm, "dev_jg" <develope...@gmail.com> wrote:
> On Feb 8, 12:23 pm, "Larry Bud" <larrybud2...@yahoo.com> wrote:
>
>> I rarely crosspost, but this affects both ASP and Javascript
>> REALLY odd bug that I ran across in ASP 3.0. I have an input type of
>> file, user clicks browse, then places his cursor in the filename, puts
>> a space at the end of the file, and uploads it. Web server doesn't
>> translate the MIME type of document properly because it doesn't end
>> with a valid extension, yet the file itself uploads successfully. I'm
>> using SAFileUP for my uploading component.
>> So I now return a FALSE in an ONKEYPRESS event, which prevents the
>> user from entering a space at the end of the file (why he does this is
>> beyond me, but I'm trying to idiot proof this thing).
>> Problem is, the ONKEYPRESS doesn't prevent a Paste of a string into
>> the field, so it's still technically possible to munge the filename.
>> Blurring the control on a focus or setting it to disabled doesn't work
>> because it makes the Browse button unfunctional.
>> Platform: IE6.
>> Any ideas?
>
> DON'T try to do anything with file upload input field in Javascript, it
> may not work. (Just use VB server side code to trim out the spaces in
> the filename you get.)
>
> since a malicious JS can upload whatever files it wants, just by
> changing the path in the File upload field,
> one cannot change .value on it in JS and I believe there are constraints
> on what can be done with key events too.

Sorry about the previous reply, you can't implement in the way I said,

I forgot that you just get the file stream on ASP end and not the
fileName.

Feb 8 '07 #3
input fields are **READ ONLY** by javascript. That is you can look but
you can not in any way modify the contents or alter the behavior. What
you can do is to do an onSubmit event in your form and check the file
name, if there is anything you don't like about it (trailing spaces for
instance) you can alert the user and disallow the submission.

That's the best you can hope for. Sorry.


Larry Bud wrote:
> I rarely crosspost, but this affects both ASP and Javascript
>
> REALLY odd bug that I ran across in ASP 3.0. I have an input type of
> file, user clicks browse, then places his cursor in the filename, puts
> a space at the end of the file, and uploads it. Web server doesn't
> translate the MIME type of document properly because it doesn't end
> with a valid extension, yet the file itself uploads successfully. I'm
> using SAFileUP for my uploading component.
>
> So I now return a FALSE in an ONKEYPRESS event, which prevents the
> user from entering a space at the end of the file (why he does this is
> beyond me, but I'm trying to idiot proof this thing).
>
> Problem is, the ONKEYPRESS doesn't prevent a Paste of a string into
> the field, so it's still technically possible to munge the filename.
> Blurring the control on a focus or setting it to disabled doesn't work
> because it makes the Browse button unfunctional.
>
> Platform: IE6.
>
> Any ideas?

--
http://www.hunlock.com -- Musings in Javascript, CSS.
$FA
Feb 8 '07 #4
>> I rarely crosspost, but this affects both ASP and Javascript
>>
>> REALLY odd bug that I ran across in ASP 3.0. I have an input type of
>> file, user clicks browse, then places his cursor in the filename, puts
>> a space at the end of the file, and uploads it. Web server doesn't
>> translate the MIME type of document properly because it doesn't end
>> with a valid extension, yet the file itself uploads successfully. I'm
>> using SAFileUP for my uploading component.
>> So I now return a FALSE in an ONKEYPRESS event, which prevents the
>> user from entering a space at the end of the file (why he does this is
>> beyond me, but I'm trying to idiot proof this thing).
>> Problem is, the ONKEYPRESS doesn't prevent a Paste of a string into
>> the field, so it's still technically possible to munge the filename.
>> Blurring the control on a focus or setting it to disabled doesn't work
>> because it makes the Browse button unfunctional.

On Feb 8, 12:54 pm, pcx99 <x...@x.com> wrote:
> input fields are **READ ONLY** by javascript. That is you can look but
> you can not in any way modify the contents or alter the behavior. What
> you can do is to do an onSubmit event in your form and check the file
> name, if there is anything you don't like about it (trailing spaces for
> instance) you can alert the user and disallow the submission.
>
> That's the best you can hope for. Sorry.

Yeah, I realize it's read only, I was just hoping there was a way to
prevent a paste.

But that's what I'm doing, I'm checking for a validly formed filename.
Feb 8 '07 #5
VK
> Yeah, I realize it's read only, I was just hoping there was a way to
> prevent a paste.
>
> But that's what I'm doing, I'm checking for a validly formed filename.

You can solve the problem only in a radical way: by not letting users
manually type anything in the input. They will have to click "Browse" and
select a real file from the dialog. It may be too rude for some
environments, but overall not such a bad idea. See
<http://www.quirksmode.org/dom/inputfile.html>
Feb 8 '07 #6
pcx99 wrote on 08 feb 2007 in microsoft.public.inetserver.asp.general:
> input fields are **READ ONLY** by javascript. That is you can look but
> you can not in any way modify the contents or alter the behavior.

That so? Methinks not!

<input name='q' id='q' value='first'>
<script type='text/javascript'>
var q = document.getElementById('q')
alert(q.value) // read value
q.value = 'second' // overwrite value
</script>

Only <input type='file'> values are inaccessible by js, both read and write!

<input name='q' id='q' value='first' type='file'>
<script type='text/javascript'>
var q = document.getElementById('q')
alert(q.value) // blank
q.value = 'second' // no effect
</script>

Larry Bud wrote:
> I rarely crosspost, but this affects both ASP and Javascript

Much ASP scripting is written in J[ava]script! ;-)

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
Feb 8 '07 #7
Evertjan. wrote:
> pcx99 wrote on 08 feb 2007 in microsoft.public.inetserver.asp.general:
>> input fields are **READ ONLY** by javascript. That is you can look
>> but you can not in any way modify the contents or alter the behavior.
>
> That so? Methinks not!

He should have said "input fields whose type is "file" ... "

--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"
Feb 8 '07 #8
Bob Barrows [MVP] wrote on 08 feb 2007 in
microsoft.public.inetserver.asp.general:
> Evertjan. wrote:
>> pcx99 wrote on 08 feb 2007 in microsoft.public.inetserver.asp.general:
>>> input fields are **READ ONLY** by javascript. That is you can look
>>> but you can not in any way modify the contents or alter the behavior.
>>
>> That so? Methinks not!
>
> He should have said "input fields whose type is "file" ... "

Even so, as I showed, they are NOT read only, Bob,
as they cannot EVEN be read by clientside javascript.
They, the type-file-input-values, are simply inaccessible.

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
Feb 8 '07 #9
Clientside javascript has no problems reading the contents of an input
of type file. It will crash your script with a security error if you
attempt to use javascript to change the contents though. The newer
browsers will show only the file name and not the full path (IE7
notably), perhaps the path filters threw out your input as invalid
before the display. Regardless...

<form>
<input type="file" id="ff">
</form>

<button onClick="alert(document.getElementById('ff').value )">Click Me to
read</button>

Will quite merrily show you the contents of the input field provided
there is actually something there.

And Bob is quite right, I should have specified type=file, however it
really didn't occur to me that given the question it would actually need
to be stated. Sometimes the lawyerball in these forums can be quite
maddening.

Evertjan. wrote:
> Bob Barrows [MVP] wrote on 08 feb 2007 in
> microsoft.public.inetserver.asp.general:
>> Evertjan. wrote:
>>> pcx99 wrote on 08 feb 2007 in microsoft.public.inetserver.asp.general:
>>>
>>>> input fields are **READ ONLY** by javascript. That is you can look
>>>> but you can not in any way modify the contents or alter the behavior.
>>> That so? Methinks not!
>> He should have said "input fields whose type is "file" ... "
>
> Even so, as I showed, they are NOT read only, Bob,
> as they cannot EVEN be read by clientside javascript.
> They, the type-file-input-values, are simply inaccessible.

--
http://www.hunlock.com -- Musings in Javascript, CSS.
$FA
Feb 8 '07 #10
pcx99 wrote on 09 feb 2007 in microsoft.public.inetserver.asp.general:

[Please do not toppost on usenet]

> Clientside javascript has no problems reading the contents of an input
> of type file. It will crash your script with a security error if you
> attempt to use javascript to change the contents though. The newer
> browsers will show only the file name and not the full path (IE7
> notably), perhaps the path filters threw out your input as invalid
> before the display. Regardless...
>
> <form>
> <input type="file" id="ff">
> </form>
>
> <button onClick="alert(document.getElementById('ff').value )">Click Me
> to read</button>
>
> Will quite merrily show you the contents of the input field provided
> there is actually something there.

You are right, I did a test that showed otherwise,
[by specifying value='qwerty', but that is in itself faulty]

> And Bob is quite right, I should have specified type=file, however it
> really didn't occur to me that given the question it would actually
> need to be stated.

No, my argument was about the "read only", not the specification per se.

> Sometimes the lawyerball in these forums can be quite
> maddening.

'lawyerball' what is that? If you want to say something please do not
use local slang.

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
Feb 9 '07 #11
Evertjan. wrote:
> pcx99 wrote on 09 feb 2007 in microsoft.public.inetserver.asp.general:
>
> [Please do not toppost on usenet]

That is a definition of lawyerball.

> 'lawyerball' what is that? If you want to say something please do not
> use local slang.

As is this.

Consider it thus: Quibbling over inconsequential semantics and requiring
every last word to be strictly, legally defined to accommodate anal
retentive people who are unable to read things in context.

--
http://www.hunlock.com -- Musings in Javascript, CSS.
$FA
Feb 9 '07 #12
pcx99 wrote on 09 feb 2007 in microsoft.public.inetserver.asp.general:
> Evertjan. wrote:
>> pcx99 wrote on 09 feb 2007 in microsoft.public.inetserver.asp.general:
>>
>> [Please do not toppost on usenet]
>
> That is a definition of lawyerball.

You don't even seem to know the definition of definition.

>> 'lawyerball' what is that? If you want to say something please do not
>> use local slang.
>
> As is this.
>
> Consider it thus: Quibbling over inconsequential semantics and requiring
> every last word to be strictly, legally defined to accommodate anal
> retentive people who are unable to read things in context.

If you are happy arguing about that, so be it.
You must be new on usenet,
expecting to make your own netiquette and
disregarding that these are two international NGs.

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
Feb 9 '07 #13

"Evertjan." <ex**************@interxnl.net> wrote in message
news:Xn********************@194.109.133.242...
> pcx99 wrote on 09 feb 2007 in microsoft.public.inetserver.asp.general:
>> Evertjan. wrote:
>>> pcx99 wrote on 09 feb 2007 in microsoft.public.inetserver.asp.general:
>>>
>>> [Please do not toppost on usenet]
>>
>> That is a definition of lawyerball.
>
> You don't even seem to know the definition of definition.
>
>>> 'lawyerball' what is that? If you want to say something please do not
>>> use local slang.
>>
>> As is this.
>>
>> Consider it thus: Quibbling over inconsequential semantics and requiring
>> every last word to be strictly, legally defined to accommodate anal
>> retentive people who are unable to read things in context.
>
> If you are happy arguing about that, so be it.
> You must be new on usenet,

Yeah those of us who have been around these news groups have just given up
arguing with you about it ;)
Feb 9 '07 #14
pcx99 wrote:
> The newer browsers will show only the file name and not the
> full path (IE7 notably), perhaps the path filters threw out
> your input as invalid before the display.

For what it's worth, IE7 still sends the full path with the form submission,
regardless of what it displays.


--
Dave Anderson

Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms.
Feb 9 '07 #15
Dave Anderson wrote:
> pcx99 wrote:
>> The newer browsers will show only the file name and not the
>> full path (IE7 notably), perhaps the path filters threw out
>> your input as invalid before the display.
>
> For what it's worth, IE7 still sends the full path with the form submission,
> regardless of what it displays.

Yea that is hilariously funny, they go to extreme lengths (and break
many existing apps) to mask the full path in the browser and then send
the full path to the server. This ranks right up there with them
breaking the prompt command.

--
http://www.hunlock.com -- Musings in Javascript, CSS.
$FA
Feb 9 '07 #16
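
Added example, not part of any post in this thread: the trailing-space filename from the original question and the full client path that IE7 is reported to submit both come down to treating the submitted filename as untrusted input. The sketch below normalizes and allowlists such a name in JavaScript; the function names and the extension allowlist are assumptions, as is an upload component that exposes the client-supplied name to server code.

```javascript
// Added example (not from the thread). Names and allowlist are assumptions.
var ALLOWED_EXTENSIONS = ['pdf', 'doc', 'txt', 'jpg', 'png'];

// Reduce a client-supplied filename to a bare, trimmed base name.
function baseName(clientName) {
  var name = String(clientName == null ? '' : clientName);
  // Some browsers submit "C:\dir\file.doc"; others may submit "/dir/file.doc".
  var cut = Math.max(name.lastIndexOf('\\'), name.lastIndexOf('/'));
  name = name.slice(cut + 1);
  // Windows drops trailing spaces and dots when it opens a file, so
  // "report.doc " still selects report.doc even though the submitted
  // name no longer ends in a recognizable extension.
  return name.replace(/^\s+/, '').replace(/[\s.]+$/, '');
}

// Validate the normalized name; returns { ok, name, ext, changed } or
// { ok: false, reason }.
function checkUploadName(clientName) {
  var name = baseName(clientName);
  if (name === '') {
    return { ok: false, reason: 'empty name' };
  }
  // Control characters and characters Windows does not allow in a file name.
  if (/[\x00-\x1f<>:"|?*]/.test(name)) {
    return { ok: false, reason: 'illegal character' };
  }
  var dot = name.lastIndexOf('.');
  if (dot <= 0) {
    return { ok: false, reason: 'no extension' };
  }
  var ext = name.slice(dot + 1).toLowerCase();
  if (ALLOWED_EXTENSIONS.indexOf(ext) === -1) {
    return { ok: false, reason: 'extension not allowed', name: name };
  }
  // "changed" tells the caller the submitted name was not already clean,
  // which is worth logging on the server.
  return { ok: true, name: name, ext: ext, changed: name !== String(clientName) };
}

// Constructed sample inputs, including the trailing-space case from the thread.
var samples = ['C:\\Documents\\report.doc ', 'report.doc', 'default.asp', 'README'];
for (var i = 0; i < samples.length; i++) {
  console.log(JSON.stringify(samples[i]), '->', JSON.stringify(checkUploadName(samples[i])));
}
```

In the browser the same function can back an onsubmit check like the one suggested earlier in the thread, but any client can skip that check, so the server has to run it again and decide the stored name and content type from the normalized result.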
