Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Jump to content

File select: Difference between revisions

From Wikipedia, the free encyclopedia
Content deleted Content added
 
(16 intermediate revisions by 13 users not shown)
Line 3: Line 3:
==Code example==
==Code example==
Here is a code example of a web form with a file-select control. It is the <code>input</code> element with <code>type="file"</code> that creates the file-select control.
Here is a code example of a web form with a file-select control. It is the <code>input</code> element with <code>type="file"</code> that creates the file-select control.
<source lang="html4strict">
<syntaxhighlight lang="html">
<form action="form-handler.php" method="post" enctype="multipart/form-data">
<form action="form-handler.php" method="post" enctype="multipart/form-data">
<div>
<div>
Line 10: Line 10:
</div>
</div>
</form>
</form>
</syntaxhighlight>
</source>


==Rendering==
==Rendering==
<!-- Deleted image removed: [[Image:Firefox2-screen-shot-before-file-selection-winxp.png|right|354px|thumb|[[Firefox]] 2 screen shot on [[Windows XP]] showing the rendering of the previous example. The file-select control is comprised by the text field, together with the "Browse" button. The second button is a submit button]] -->
<!-- Deleted image removed: [[Image:Firefox2-screen-shot-before-file-selection-winxp.png|right|354px|thumb|[[Firefox]] 2 screen shot on [[Windows XP]] showing the rendering of the previous example. The file-select control is comprised by the text field, together with the "Browse" button. The second button is a submit button]] -->


<!--[[Image:Firefox2-screen-shot-during-file-selection-winxp.png|right|354px|thumb|After clicking the "Browse" button the [[file dialog]] opens {{ffdc|1=Firefox2-screen-shot-during-file-selection-winxp.png|log=2014 July 8}}]]-->
<!--[[Image:Firefox2-screen-shot-during-file-selection-winxp.png|right|354px|thumb|After clicking the "Browse" button the [[file dialog]] opens {{ffdc|1=Firefox2-screen-shot-during-file-selection-winxp.png|log=2014 July 8}}]]-->


<!-- Deleted image removed: [[Image:Firefox2-screen-shot-after-file-selection-winxp.png|right|354px|thumb|After file selection, the filename is displayed in the text field. The form is submitted by clicking the second button; the file will be uploaded.]] -->
<!-- Deleted image removed: [[Image:Firefox2-screen-shot-after-file-selection-winxp.png|right|354px|thumb|After file selection, the filename is displayed in the text field. The form is submitted by clicking the second button; the file will be uploaded.]] -->


When it comes to the rendering on the screen of a file-select control, there is some variation among [[web browser]]s. Typically, on a Windows-based platform, user agents will render a file-select control as a text field, together with a "Browse" button. When the "Browse" button is pressed, a [[file dialog]] opens, with which actual file selection on one's platform can take place. After selection, the filename of the selected file is displayed in the text field, with its full path. Alternatively, instead of using the "Browse" button, the filename can be entered directly in the text field.
When it comes to the rendering on the screen of a file-select control, there is some variation among [[web browser]]s. Typically, on a Windows-based platform, user agents will render a file-select control as a text field, together with a "Browse" button. When the "Browse" button is pressed, a [[file dialog]] opens, with which actual file selection on one's platform can take place. After selection, the filename of the selected file is displayed in the text field. Alternatively, instead of using the "Browse" button, the filename can be entered directly in the text field.


Some browsers, notably [[Firefox]],<ref name=firefox-vuln-info>{{cite web|url=https://bugzilla.mozilla.org/show_bug.cgi?id=388784 |title=388784 – (CVE-2007-3511) Firefox file input focus stealing vulnerability |publisher=Bugzilla.mozilla.org |date= |accessdate=2013-09-02}}</ref> no longer allow a filename to be typed directly in. This is a security measure - it is possible to trick the user into uploading confidential information.<ref name=juniper>{{cite web|url=http://www.juniper.net/security/auto/vulnerabilities/vuln24725.html |title=Mozilla Firefox OnKeyDown Event File Upload Vulnerability |publisher=Juniper.net |date=2010-11-15 |accessdate=2013-09-02}}</ref>
Some browsers, notably [[Firefox]],<ref name=firefox-vuln-info>{{cite web|url=https://bugzilla.mozilla.org/show_bug.cgi?id=388784 |title=388784 – (CVE-2007-3511) Firefox file input focus stealing vulnerability |publisher=Bugzilla.mozilla.org |date= |accessdate=2013-09-02}}</ref> no longer allow a filename to be typed directly in. This is a security measure - it is possible to trick the user into uploading confidential information.<ref name=juniper>{{cite web |url=http://www.juniper.net/security/auto/vulnerabilities/vuln24725.html |title=Mozilla Firefox OnKeyDown Event File Upload Vulnerability |publisher=Juniper.net |date=2010-11-15 |accessdate=2013-09-02 |archive-url=https://archive.today/20130221164034/http://www.juniper.net/security/auto/vulnerabilities/vuln24725.html |archive-date=2013-02-21 |url-status=dead }}</ref>


==Functionality==
==Functionality==
Line 32: Line 32:
<blockquote>
<blockquote>
This control type allows the user to select files so that their contents may be submitted with a form. The INPUT element is used to create a file select control.</blockquote>
This control type allows the user to select files so that their contents may be submitted with a form. The INPUT element is used to create a file select control.</blockquote>
It has been noted<ref name=jkorpela>{{cite web|url=http://www.cs.tut.fi/~jkorpela/forms/file.html |title=File input (or "upload") in HTML forms |publisher=Cs.tut.fi |date= |accessdate=2013-09-02}}</ref> that the plural "files" in the above quote is an indication that, in HTML 4.01, a single-file select-control still was supposed to handle selection of multiple files and not just a single file.
It has been noted<ref name=jkorpela>{{cite web|url=https://jkorpela.fi/forms/file.html |title=File input (or "upload") in HTML forms |publisher=Cs.tut.fi |date= |accessdate=2013-09-02}}</ref> that the plural "files" in the above quote is an indication that, in HTML 4.01, a single-file select-control still was supposed to handle selection of multiple files and not just a single file.
This situation is being clarified in HTML5 by adding a "multiple" attribute when the file input should accept multiple files. The current draft specifies the new behavior to be: <blockquote>Unless the multiple attribute is set, there must be no more than one file in the list of selected files.<ref>{{cite web|url=http://dev.w3.org/html5/spec/Overview.html#file-upload-state |title=HTML 5.1 Nightly |publisher=Dev.w3.org |date=2004-02-05 |accessdate=2013-09-02}}</ref></blockquote>
This situation is being clarified in HTML5 by adding a "multiple" attribute when the file input should accept multiple files. The current draft specifies the new behavior to be: <blockquote>Unless the multiple attribute is set, there must be no more than one file in the list of selected files.<ref>{{cite web|url=https://www.w3.org/TR/html51/sec-forms.html#file-upload-state-typefile |title=HTML 5.1 specification |publisher=W3C}}</ref></blockquote>


===Accept attribute===
===Accept attribute===
Line 45: Line 45:
</blockquote>
</blockquote>
Thus, a user-agent may restrict file selection, as, for example, in the following, restricted to GIF and PNG images or any images:
Thus, a user-agent may restrict file selection, as, for example, in the following, restricted to GIF and PNG images or any images:
<source lang="html4strict">
<syntaxhighlight lang="html">
<input id="myfile" name="myfile" type="file" accept="image/gif,image/png">
<input id="myfile" name="myfile" type="file" accept="image/gif,image/png">
<input id="myfile" name="myfile" type="file" accept="image/*">
<input id="myfile" name="myfile" type="file" accept="image/*">
</syntaxhighlight>
</source>
On a Windows platform, this might mean that the user agent would show files only of the types specified in the browse-file dialog.
On a Windows platform, this might mean that the user agent would show files only of the types specified in the browse-file dialog.


Line 57: Line 57:


===Cannot select multiple files===
===Cannot select multiple files===
Form-based upload of multiple files with a single file-select control is supported in current versions of Chrome, Firefox, Internet Explorer, Safari and Opera. One source states<ref name=jkorpela/> that Opera supports multiple-file selection through a single file-select control. This was true for Opera versions starting from 3.5, in which the file-upload feature was introduced.<ref name="opera_history"/> However, with the first beta release of Opera 7 line, this function was no longer available. Firefox version 3.6 started supporting multiple-file selection,<ref name="firefox_3.6">{{cite web|author=on December 10, 2009 by Paul Rouget |url=http://hacks.mozilla.org/2009/12/multiple-file-input-in-firefox-3-6/ |title=multiple file input in Firefox 3.6 ✩ Mozilla Hacks – the Web developer blog |publisher=Hacks.mozilla.org |date=2009-12-10 |accessdate=2013-09-02}}</ref> allowing the developer some limited access to the files themselves prior to being uploaded to the server, via the HTML5 File API.<ref name="mdc_using_files">{{cite web|url=https://developer.mozilla.org/en/Using_files_from_web_applications |title=Using files from web applications - MDC |publisher=Developer.mozilla.org |date=2013-08-23 |accessdate=2013-09-02}}</ref> This feature also allows users to drag-and-drop files from external applications (such as [[Windows Explorer]]) directly into the web application. One notable example of support for this feature is [[Gmail]] allowing attachments to be added in this way.
Form-based upload of multiple files with a single file-select control is supported in current versions of Chrome, Firefox, Internet Explorer, Safari and Opera. One source states<ref name=jkorpela/> that Opera supports multiple-file selection through a single file-select control. This was true for Opera versions starting from 3.5, in which the file-upload feature was introduced.<ref name="opera_history"/> However, with the first beta release of Opera 7, this function was no longer available. Firefox version 3.6 started supporting multiple-file selection,<ref name="firefox_3.6">{{cite web|author=on December 10, 2009 by Paul Rouget |url=https://hacks.mozilla.org/2009/12/multiple-file-input-in-firefox-3-6/ |title=multiple file input in Firefox 3.6 ✩ Mozilla Hacks – the Web developer blog |publisher=Hacks.mozilla.org |date=2009-12-10 |accessdate=2013-09-02}}</ref> allowing the developer some limited access to the files themselves prior to being uploaded to the server, via the [[HTML5 File API]].<ref name="mdc_using_files">{{cite web|url=https://developer.mozilla.org/en/Using_files_from_web_applications |title=Using files from web applications - MDC |publisher=Developer.mozilla.org |date=2013-08-23 |accessdate=2013-09-02}}</ref> This feature also allows users to drag-and-drop files from external applications (such as [[Windows Explorer]]) directly into the web application. One notable example of support for this feature is [[Gmail]] allowing attachments to be added in this way.


HTML5 allows multiple file uploads using the [http://dev.w3.org/html5/spec/common-input-element-attributes.html#the-multiple-attribute multiple attribute] on input elements.
HTML5 allows multiple file uploads using the ''multiple'' attribute on input elements.<ref>[https://www.w3.org/TR/html51/sec-forms.html#the-multiple-attribute HTML 5.1 specification: 4.10.5.3 Common input element attributes]</ref>


====JavaScript alternative====
====JavaScript alternative====
Line 72: Line 72:
==External links==
==External links==
* [http://www.w3.org/TR/html4/interact/forms.html#file-select Specification of the file select control from W3C]
* [http://www.w3.org/TR/html4/interact/forms.html#file-select Specification of the file select control from W3C]
* [https://programmerdesk.com/php-file-upload-in-database-with-error-handling/ File Upload with error handling]

[[Category:HTML]]
[[Category:HTML]]

Latest revision as of 19:29, 17 December 2023

In HTML, a file-select control is a component of a web form with which a user can select a local file. When the form is submitted (perhaps together with other form data), the file is uploaded to the web server. There, when the file arrives, some action usually takes place, such as saving the file on the web server. However, the particular action that takes place is determined by the server-side script to which the form is submitted.

Code example

[edit]

Here is a code example of a web form with a file-select control. It is the input element with type="file" that creates the file-select control.

<form action="form-handler.php" method="post" enctype="multipart/form-data">
	<div>
		<input id="myfile" name="myfile" type="file">
		<input value="Upload ►" type="submit">
	</div>
</form>

Rendering

[edit]

When it comes to the rendering on the screen of a file-select control, there is some variation among web browsers. Typically, on a Windows-based platform, user agents will render a file-select control as a text field, together with a "Browse" button. When the "Browse" button is pressed, a file dialog opens, with which actual file selection on one's platform can take place. After selection, the filename of the selected file is displayed in the text field. Alternatively, instead of using the "Browse" button, the filename can be entered directly in the text field.

Some browsers, notably Firefox,[1] no longer allow a filename to be typed directly in. This is a security measure - it is possible to trick the user into uploading confidential information.[2]

Functionality

[edit]

The mechanism for form-based file upload was originally proposed in RFC 1867 (published November 1995), as an extension to HTML 2.0 (RFC 1866), after its publication. Form-based file upload then was incorporated in HTML 3.2, which explicitly refers to RFC 1867 for further information on form-based file upload.

HTML 4.01 does not, in itself, describe how the file-select control is supposed to work, but it does list RFC 2388 and RFC 1867 as references.[3]

Multiple file selection

[edit]

The intention in RFC 1867 is that a single file-select control should allow selection of multiple files. This intention seems reflected in HTML 4.01, which, for the file-select control- type, states[4]

This control type allows the user to select files so that their contents may be submitted with a form. The INPUT element is used to create a file select control.

It has been noted[5] that the plural "files" in the above quote is an indication that, in HTML 4.01, a single-file select-control still was supposed to handle selection of multiple files and not just a single file.

This situation is being clarified in HTML5 by adding a "multiple" attribute when the file input should accept multiple files. The current draft specifies the new behavior to be:

Unless the multiple attribute is set, there must be no more than one file in the list of selected files.[6]

Accept attribute

[edit]

RFC 1867 also introduced the accept attribute for the input element. This would enable file-type filtering based on MIME type for the file-select control.

In addition, it is proposed that the INPUT tag have an ACCEPT attribute, which is a list of comma-separated media types.

If an ACCEPT attribute is present, the browser might constrain the file patterns prompted for to match those with the corresponding appropriate file extensions for the platform.

Thus, a user-agent may restrict file selection, as, for example, in the following, restricted to GIF and PNG images or any images:

<input id="myfile" name="myfile" type="file" accept="image/gif,image/png">
<input id="myfile" name="myfile" type="file" accept="image/*">

On a Windows platform, this might mean that the user agent would show files only of the types specified in the browse-file dialog.

Browser limitations

[edit]

Basic support for the file-select control was adopted quickly by browser vendors. For example, already Internet Explorer 4,[7] Netscape Navigator 2.0 and Opera 3.5[8] recognized the input element of type="file" as a file-select control.

However, most modern browsers still do not implement the file-select control as it was intended, or lack certain features.[5]

Cannot select multiple files

[edit]

Form-based upload of multiple files with a single file-select control is supported in current versions of Chrome, Firefox, Internet Explorer, Safari and Opera. One source states[5] that Opera supports multiple-file selection through a single file-select control. This was true for Opera versions starting from 3.5, in which the file-upload feature was introduced.[8] However, with the first beta release of Opera 7, this function was no longer available. Firefox version 3.6 started supporting multiple-file selection,[9] allowing the developer some limited access to the files themselves prior to being uploaded to the server, via the HTML5 File API.[10] This feature also allows users to drag-and-drop files from external applications (such as Windows Explorer) directly into the web application. One notable example of support for this feature is Gmail allowing attachments to be added in this way.

HTML5 allows multiple file uploads using the multiple attribute on input elements.[11]

JavaScript alternative

[edit]

One solution is to use client-side scripting such as JavaScript for generating an extra file-select control for each file the user selects for upload. Using CSS, these extra file-select controls may be set not to display. An example of this technique is demonstrated in the Multiple File Upload plugin for jQuery. In this manner, the multiple-file upload problem is solved by providing as many file-select controls as the user has files to upload. Still, this does not solve the problem of selecting multiple files for upload in Internet Explorer.

Accept attribute support

[edit]

The accept attribute is currently supported by Opera 11+, Chrome 16+, Safari 6+, Firefox 9+ and Microsoft Internet Explorer 10+.

References

[edit]
  1. ^ "388784 – (CVE-2007-3511) Firefox file input focus stealing vulnerability". Bugzilla.mozilla.org. Retrieved 2013-09-02.
  2. ^ "Mozilla Firefox OnKeyDown Event File Upload Vulnerability". Juniper.net. 2010-11-15. Archived from the original on 2013-02-21. Retrieved 2013-09-02.
  3. ^ "HTML 4 Specification References". W3.org. Retrieved 2013-09-02.
  4. ^ "Forms in HTML documents". W3.org. Retrieved 2013-09-02.
  5. ^ a b c "File input (or "upload") in HTML forms". Cs.tut.fi. Retrieved 2013-09-02.
  6. ^ "HTML 5.1 specification". W3C.
  7. ^ "input type=file Object". Msdn2.microsoft.com. 2013-07-22. Retrieved 2013-09-02.
  8. ^ a b "Browser History: Opera". Blooberry.com. Retrieved 2013-09-02.
  9. ^ on December 10, 2009 by Paul Rouget (2009-12-10). "multiple file input in Firefox 3.6 ✩ Mozilla Hacks – the Web developer blog". Hacks.mozilla.org. Retrieved 2013-09-02.{{cite web}}: CS1 maint: numeric names: authors list (link)
  10. ^ "Using files from web applications - MDC". Developer.mozilla.org. 2013-08-23. Retrieved 2013-09-02.
  11. ^ HTML 5.1 specification: 4.10.5.3 Common input element attributes
[edit]