Closed
Bug 266744
Opened 20 years ago
Closed 19 years ago
[FIXr]unable to clear the value of an input type="file"
Categories
(Core :: DOM: Core & HTML, defect, P1)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
FIXED
mozilla1.8alpha5
People
(Reporter: richard.gibson, Assigned: bzbarsky)
References
Details
Attachments
(2 files)
1.08 KB,
patch
|
sicking
:
review+
jst
:
superreview+
|
Details | Diff | Splinter Review |
547 bytes,
text/html
|
Details |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20041001 Firefox/0.10.1 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20041001 Firefox/0.10.1 In-page ECMAScript and ECMAScript in the location bar with the "javascript:" protocol are unable to alter the value on an input type="file" element (which is possible through "Evaluate Javascript..." in the DOM Inspector). Attemping to do so generates a NS_ERROR_DOM_SECURITY_ERR exception. This is probably intentional to avoid malicious uploading of files, but there should be a way to clear the value to prevent uploading of any file with a given input. However, the behavior is needed (in my case) because I am trying to script a multiple file input from independed file inputs, and I use cloneNode when a new input is needed. cloneNode correctly copies the value attribute, but since I cannot clear it I end up with an input ready to upload the same file twice rather than the new blank input that I desired. Reproducible: Always Steps to Reproduce: 1. Open a page with a form containing a file input 2. Attempt to set its value, for example with "javascript:void(document.getElementById('fileInputId').value='');" Actual Results: Error: uncaught exception: [Exception... "Security error" code: "1000" nsresult: "0x805303e8 (NS_ERROR_DOM_SECURITY_ERR)" location: "javascript:void(document.getElementById('fileInputId').value=''); Line: 1"] Expected Results: Cleared the value of the input
Comment 1•20 years ago
|
||
maybe cloneNode on the <input> should clear the value...
Assignee | ||
Comment 2•20 years ago
|
||
No, as comment 0 says cloneNode() is correctly preserving the value. Perhaps we should allow attempts to set the value to "" to pass the security check? There should be no security issue with that, methinks.
Reporter | ||
Comment 3•20 years ago
|
||
(In reply to comment #2) > Perhaps we should allow attempts to set the value to "" to pass the security > check? There should be no security issue with that, methinks. That is exactly the behavior I'm hoping for.
Comment 4•20 years ago
|
||
Yeah, sounds reasonable to me.
a "me too" from me too :)
Assignee | ||
Comment 6•20 years ago
|
||
Assignee | ||
Updated•20 years ago
|
Attachment #163894 -
Flags: superreview?(jst)
Attachment #163894 -
Flags: review?(bugmail)
Comment 7•20 years ago
|
||
Comment on attachment 163894 [details] [diff] [review] Like so sr=jst
Attachment #163894 -
Flags: superreview?(jst) → superreview+
Attachment #163894 -
Flags: review?(bugmail) → review+
Assignee | ||
Updated•20 years ago
|
Assignee: general → bzbarsky
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Windows XP → All
Priority: -- → P1
Hardware: PC → All
Summary: unable to clear the value of an input type="file" → [FIXr]unable to clear the value of an input type="file"
Target Milestone: --- → mozilla1.8alpha5
Comment 8•20 years ago
|
||
+ //check secuity wanna fix that typo while you're at it? :) and maybe add a space after the //?
Comment 9•20 years ago
|
||
Comment on attachment 163894 [details] [diff] [review] Like so >- //check secuity >- if (mType == NS_FORM_INPUT_FILE) { >+ //check secuity. Note that setting the value to the empty string is always As long as you're changing this please fix the "secuity" typo. Looks good to me, too.
Assignee | ||
Comment 10•20 years ago
|
||
Fixed on trunk.
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Reporter | ||
Comment 11•19 years ago
|
||
I just double-checked this with Firefox 1.0.6 on Windows 2000, and I think it resurrected itself because I still get the NS_ERROR_DOM_SECURITY_ERR. Is IsEmpty() failing on a JavaScript-provided empty string or something?
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Could you attach a testcase?
Reporter | ||
Comment 13•19 years ago
|
||
Comment 14•19 years ago
|
||
If not mistaken, this was never checked in to the 1.0.x branch, see comment 10
indeed
Status: REOPENED → RESOLVED
Closed: 20 years ago → 19 years ago
Resolution: --- → FIXED
Reporter | ||
Comment 16•19 years ago
|
||
Yeah, that was it. How embarassing. I don't really know how to follow the development branches (or find the code for them); will this be fixed in 1.5?
Yes. You can download Deer Park Alpha 2 or a nightly build to test.
Comment 18•19 years ago
|
||
*** Bug 293695 has been marked as a duplicate of this bug. ***
You need to log in
before you can comment on or make changes to this bug.
Description
•