Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 14 of 14
  1. #1
    New Coder
    Join Date
    Jan 2004
    Location
    undefine
    Posts
    29
    Thanks
    0
    Thanked 0 Times in 0 Posts

    how to set a value to a file input

    it is not work properly.
    Code:
    <html>
    <head>
    <title>BinaryRead</title>
    </head>
    <script>
    function attach()
    {
    	frmSend.attach1.value = "C:\\kzhang\\book\\DHTML.chm"
    	alert(frmSend.attach1.value)
    }
    </script>
    <body>
      <form name="frmSend" method="POST" enctype="multipart/form-data" action="BinaryRead.asp" onSubmit="attach()">
        File 1: <input name=attach1 type=file size=35><br>
        File 2: <input name=attach2 type=file size=35><br>
        File 3: <input name=attach3 type=file size=35><br>
        File 4: <input name=attach4 type=file size=35><br>
        <br> 
        <input style="margin-top:4" type=submit value="Upload">
        </form>
    </body>
    </html>
    undefine

  • #2
    Senior Coder A1ien51's Avatar
    Join Date
    Jun 2002
    Location
    Between DC and Baltimore In a Cave
    Posts
    2,717
    Thanks
    1
    Thanked 94 Times in 88 Posts
    You can not set the file for security reasons. Imagine going to a website that has a form, it grabs a copy of a file on your computer that contains passwords and sends it to their site. Not good.

    Eric
    Tech Author [Ajax In Action, JavaScript: Visual Blueprint]

  • #3
    New Coder
    Join Date
    Jan 2004
    Location
    undefine
    Posts
    29
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I want to upload automatically without select the path on web,Anyone can give me some suggestions.some tools can do any help?
    undefine

  • #4
    Senior Coder A1ien51's Avatar
    Join Date
    Jun 2002
    Location
    Between DC and Baltimore In a Cave
    Posts
    2,717
    Thanks
    1
    Thanked 94 Times in 88 Posts
    You are talking about a major security violation
    Tech Author [Ajax In Action, JavaScript: Visual Blueprint]

  • #5
    New Coder
    Join Date
    Jan 2004
    Location
    undefine
    Posts
    29
    Thanks
    0
    Thanked 0 Times in 0 Posts
    but the customers want it that only application can do
    undefine

  • #6
    Supreme Master coder! glenngv's Avatar
    Join Date
    Jun 2002
    Location
    Philippines
    Posts
    11,075
    Thanks
    0
    Thanked 256 Times in 252 Posts
    Explain to them that it's not possible and that it's a major security violation. Although it's possible with Netscape/Firefox but a prompt will be displayed to ask for permission to the user.
    Glenn
    ____________________________________

    My Blog
    Tower of Hanoi Android app (FREE!)
    Tower of Hanoi Leaderboard
    Samegame Facebook App
    vBulletin Plugins
    ____________________________________

  • #7
    New Coder
    Join Date
    Jan 2004
    Location
    undefine
    Posts
    29
    Thanks
    0
    Thanked 0 Times in 0 Posts
    ActiveX seems to do some helps.where can i get it.
    undefine

  • #8
    Supreme Master coder! glenngv's Avatar
    Join Date
    Jun 2002
    Location
    Philippines
    Posts
    11,075
    Thanks
    0
    Thanked 256 Times in 252 Posts
    I was talking about signed scripts for Netscape/Firefox that allows setting default value to file input field. I don't know if there's an equivalent ActiveX for IE.
    Glenn
    ____________________________________

    My Blog
    Tower of Hanoi Android app (FREE!)
    Tower of Hanoi Leaderboard
    Samegame Facebook App
    vBulletin Plugins
    ____________________________________

  • #9
    Supreme Master coder! glenngv's Avatar
    Join Date
    Jun 2002
    Location
    Philippines
    Posts
    11,075
    Thanks
    0
    Thanked 256 Times in 252 Posts
    This is how you do it in Netscape and Firefox.
    Code:
    function attach()
    {
    	if (netscape && netscape.security) netscape.security.PrivilegeManager.enablePrivilege("UniversalFileRead");
    	document.frmSend.attach1.value = "C:\\kzhang\\book\\DHTML.chm"
    }
    A security prompt will be displayed to give user full control to allow or deny the requested enhanced privileges.
    Glenn
    ____________________________________

    My Blog
    Tower of Hanoi Android app (FREE!)
    Tower of Hanoi Leaderboard
    Samegame Facebook App
    vBulletin Plugins
    ____________________________________

  • #10
    Regular Coder
    Join Date
    May 2005
    Posts
    313
    Thanks
    0
    Thanked 0 Times in 0 Posts
    There is a Microsoft ActiveX control (as of XP, at least) which mimics the input file element (and permits setting the value). It is undocumented, and not marked safe for scripting, however, so it will only work if the user explicitely allows it by setting your domain to the trusted sites security zone.
    Thanks in advance!

  • #11
    Senior Coder
    Join Date
    Feb 2004
    Location
    Edinburgh
    Posts
    1,352
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by enumerator
    It is undocumented, and not marked safe for scripting, however, so it will only work if the user explicitely allows it by setting your domain to the trusted sites security zone.
    Personally, I think any site which required me to add it to IE's trusted sites security zone is well worth avoiding. It sort of says, "I'm gonna hack your computer, but I can be trusted because I say so." Not good.

    IIRC, most XP SP2 machines have the security zone in IE set to high, and therefore the ActiveX won't work. Also, most users won't know how to change their security settings, so it will be lost on them.
    *keep it simple (TM)

  • #12
    Regular Coder
    Join Date
    May 2005
    Posts
    313
    Thanks
    0
    Thanked 0 Times in 0 Posts
    That's what it's for: trusted sites... "I trust you", or "I trust myself to allow this, because it was my idea".

    Anyway, this can also be done with IWshShell.SendKeys(), if the operation is explicitely permitted by the user/owner.
    Thanks in advance!

  • #13
    Senior Coder
    Join Date
    Feb 2004
    Location
    Edinburgh
    Posts
    1,352
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by enumerator
    That's what it's for: trusted sites... "I trust you", or "I trust myself to allow this, because it was my idea".
    yes, I'm aware of that. but my point was that anyone could create [a site] with malicious content, yet make it appear to be legitimate and instruct the users to include the site in their trusted sites list. many users would unwittingly obey this because they wouldn't understand the difference. a little social engineering of the sort used by phishers could probably achieve this.
    Last edited by jbot; 07-13-2005 at 12:06 PM.
    *keep it simple (TM)

  • #14
    Regular Coder
    Join Date
    May 2005
    Posts
    313
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I don't think most people would unwittingly jump through security hoops. The same goes for FF; safeguards are in place (perhaps not quite as many). It's impossible for all practical purposes, but also necessary in some cases.
    Thanks in advance!


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •