PRB: Cannot Use Script to Manipulate INPUT TYPE=File Value
<script type="text/javascript">function loadTOCNode(){}</script>Article ID | : | 266087 |
Last Review | : | May 11, 2006 |
Revision | : | 3.0 |
This article was previously published under Q266087
<script type="text/javascript"> var sectionFilter = "type != 'notice' && type != 'securedata' && type != 'querywords'"; var tocArrow = "/library/images/support/kbgraphics/public/en-us/downarrow.gif"; var depthLimit = 10; var depth3Limit = 10; var depth4Limit = 5; var depth5Limit = 3; var tocEntryMinimum = 1; </script><script src="/common/script/gsfx/kbtoc.js??4" type="text/javascript"></script>
SYMPTOMS
<script type="text/javascript">loadTOCNode(1, 'symptoms');</script>
If you use an
INPUT TYPE=File element in an HTML
FORM element, you cannot set a file name programmatically, regardless if you use script or set the VALUE property of the
INPUT element to a default value.
CAUSE
<script type="text/javascript">loadTOCNode(1, 'cause');</script>
Because
INPUT TYPE=File allows arbitrary files to be uploaded from a user's computer to a remote server, setting this field programmatically is considered a security risk and is not supported.
RESOLUTION
<script type="text/javascript">loadTOCNode(1, 'resolution');</script>
Uploading content from a user's computer without his or her knowledge is contrary to the security paradigms of Web development. The user should be informed whenever content is going to be transferred off their computer, and the user should be given every opportunity to control or cancel the operation.
If you require such functionality in your Web-based application, use an ActiveX control that is marked unsafe for scripting and/or unsafe for initialization. (The author of the control is responsible for telling users that the control is unsafe because, by definition, uploading files are unsafe. You can sign the control to ask users to trust your control.)
If you require such functionality in your Web-based application, use an ActiveX control that is marked unsafe for scripting and/or unsafe for initialization. (The author of the control is responsible for telling users that the control is unsafe because, by definition, uploading files are unsafe. You can sign the control to ask users to trust your control.)
MORE INFORMATION
<script type="text/javascript">loadTOCNode(1, 'moreinformation');</script>Steps to Reproduce Behavior
<script type="text/javascript">loadTOCNode(2, 'moreinformation');</script>1. | In any text editor, create the following HTML file, and save the file as TestFileSubmit.htm: |
2. | In Internet Explorer 4.x or 5.x, load the page. Notice that none of the values that are assigned to the INPUT TYPE=File element appear in the Edit box. |
网络上有的一种解决办法,我试了,并不怎么好使。跟安全性有关系,如果安全性高,代码也是无法运行的。
<SCRIPT LANGUAGE="JavaScript">
document.getElementById('filename').focus();
var WshShell=new ActiveXObject("WScript.Shell")
WshShell.sendKeys("test.txt")
}
document.getElementById('filename').focus();
var WshShell=new ActiveXObject("WScript.Shell")
WshShell.sendKeys("test.txt")
}