You can't set the value of an input type="file" field and here's why:
<form id="hacker_form" action="/steal_your_file" ... >
<input type="file" value="/etc/passwd"/>
</form>
<script>
document.getElementById('hacker_form').submit();
</script>
If you were allowed to set the value like that, the above snippet
would upload the target file without the user even knowing it was
happening. That's the security issue.
--Erik
On 4/2/07, macm <[EMAIL PROTECTED]> wrote:
Hi
I am trying upload without refresh so I tried
http://the-stickman.com/web-development/javascript/upload-multiple-files-with-a-single-file-element/
Works like a charm but:
Browser Peculiarities
* Internet Explorer and Netscape do not use the VALUE attribute as
the default contents of the input area. Any default value set via HTML
is not usable via scripting and the DOM as well (hence it is not
listed as 'supported' in any of the browsers.) If a user enters text
in the field however, that value is then reachable via the DOM as it
normally would be for a normal INPUT field (via the .value property.)
The reason for this behavior would presumably be to ensure the
security/safety of users against malicious authors. Opera displays the
default VALUE attribute value and submits it as well (although it
prompts for confirmation on submit if you have not altered that
value.)
from: http://www.blooberry.com/indexdot/html/tagpages/i/inputfile.htm
I heard that exist a trick about this and I would like to know who can
tell me.
So How I have paths from example above.
Something like that => c:/mydocuments/myfile.gif
How can I insert this in input file element? (I know how can I insert
but the problem isnt accept like I said before)
If Input file dont accept value=" " how can I insert the path into
input element?
Regards
macm
