2. 技术人生
    3. 不能使用脚本操作INPUTTYPE=File的value

    不能使用脚本操作INPUTTYPE=File的value

    技术2022-05-11  117

    PRB: Cannot Use Script to Manipulate INPUT TYPE=File Value

    View products that this article applies to. <script type="text/javascript">function loadTOCNode(){}</script> Article ID:266087Last Review:May 11, 2006Revision:3.0 This article was previously published under Q266087
    On This Page
    SYMPTOMS CAUSE RESOLUTION MORE INFORMATION Steps to Reproduce Behavior REFERENCES <script type="text/javascript"> var sectionFilter = "type != 'notice' && type != 'securedata' && type != 'querywords'"; var tocArrow = "/library/images/support/kbgraphics/public/en-us/downarrow.gif"; var depthLimit = 10; var depth3Limit = 10; var depth4Limit = 5; var depth5Limit = 3; var tocEntryMinimum = 1; </script><script src="/common/script/gsfx/kbtoc.js??4" type="text/javascript"></script>

    SYMPTOMS

    <script type="text/javascript">loadTOCNode(1, 'symptoms');</script> If you use an INPUT TYPE=File element in an HTML FORM element, you cannot set a file name programmatically, regardless if you use script or set the VALUE property of the INPUT element to a default value. Back to the top

    CAUSE

    <script type="text/javascript">loadTOCNode(1, 'cause');</script> Because INPUT TYPE=File allows arbitrary files to be uploaded from a user's computer to a remote server, setting this field programmatically is considered a security risk and is not supported. Back to the top

    RESOLUTION

    <script type="text/javascript">loadTOCNode(1, 'resolution');</script> Uploading content from a user's computer without his or her knowledge is contrary to the security paradigms of Web development. The user should be informed whenever content is going to be transferred off their computer, and the user should be given every opportunity to control or cancel the operation. If you require such functionality in your Web-based application, use an ActiveX control that is marked unsafe for scripting and/or unsafe for initialization. (The author of the control is responsible for telling users that the control is unsafe because, by definition, uploading files are unsafe. You can sign the control to ask users to trust your control.) Back to the top

    MORE INFORMATION

    <script type="text/javascript">loadTOCNode(1, 'moreinformation');</script>

    Steps to Reproduce Behavior

    <script type="text/javascript">loadTOCNode(2, 'moreinformation');</script> 1.In any text editor, create the following HTML file, and save the file as TestFileSubmit.htm: <HTML> <HEAD> <TITLE>Automating Input=File Dialog Boxes</TITLE> <SCRIPT> function load() { frm1.file1.value = "C:/config.sys"; } </SCRIPT> </HEAD> <BODY bgcolor="#ffffff"> <FORM name="frm1" action="/post.asp" METHOD="POST" ENCTYPE="multipart/form-data"> <INPUT type="File" name="file1" value="c:/boot.ini"></INPUT> </FORM> </BODY> </HTML> 2.In Internet Explorer 4.x or 5.x, load the page. Notice that none of the values that are assigned to the INPUT TYPE=File element appear in the Edit box.    网络上有的一种解决办法,我试了,并不怎么好使。跟安全性有关系,如果安全性高,代码也是无法运行的。 <SCRIPT LANGUAGE="JavaScript">  document.getElementById('filename').focus();  var WshShell=new ActiveXObject("WScript.Shell")  WshShell.sendKeys("test.txt") }

    专利

    最新回复(0)