Closed Bug 266744 Opened 20 years ago Closed 19 years ago

[FIXr]unable to clear the value of an input type="file"

Categories

(Core :: DOM: Core & HTML, defect, P1)

Product:
Core
Component:
DOM: Core & HTML
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla1.8alpha5

People

(Reporter: richard.gibson, Assigned: bzbarsky)

References

Details

Attachments

(2 files)

Like so
1.08 KB, patch
sicking
: review+
jst
: superreview+
Details | Diff | Splinter Review
testcase
547 bytes, text/html
Details 
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20041001 Firefox/0.10.1
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.7.3) Gecko/20041001 Firefox/0.10.1

In-page ECMAScript and ECMAScript in the location bar with the "javascript:"
protocol are unable to alter the value on an input type="file" element (which is
possible through "Evaluate Javascript..." in the DOM Inspector).  Attemping to
do so generates a NS_ERROR_DOM_SECURITY_ERR exception.  This is probably
intentional to avoid malicious uploading of files, but there should be a way to
clear the value to prevent uploading of any file with a given input.

However, the behavior is needed (in my case) because I am trying to script a
multiple file input from independed file inputs, and I use cloneNode when a new
input is needed.  cloneNode correctly copies the value attribute, but since I
cannot clear it I end up with an input ready to upload the same file twice
rather than the new blank input that I desired.

Reproducible: Always
Steps to Reproduce:
1. Open a page with a form containing a file input
2. Attempt to set its value, for example with
"javascript:void(document.getElementById('fileInputId').value='');"
Actual Results:  
Error: uncaught exception: [Exception... "Security error"  code: "1000"
nsresult: "0x805303e8 (NS_ERROR_DOM_SECURITY_ERR)"  location:
"javascript:void(document.getElementById('fileInputId').value=''); Line: 1"]

Expected Results:  
Cleared the value of the input
maybe cloneNode on the <input> should clear the value...
No, as comment 0 says cloneNode() is correctly preserving the value.

Perhaps we should allow attempts to set the value to "" to pass the security
check?  There should be no security issue with that, methinks.
(In reply to comment #2)
> Perhaps we should allow attempts to set the value to "" to pass the security
> check?  There should be no security issue with that, methinks.

That is exactly the behavior I'm hoping for.
Yeah, sounds reasonable to me.
Attached patch Like soSplinter Review 

    
  

        Attachment #163894 -
        Flags: superreview?(jst)

        Attachment #163894 -
        Flags: review?(bugmail)

    
    

    
  
Comment on attachment 163894 [details] [diff] [review]
Like so

sr=jst

        Attachment #163894 -
        Flags: superreview?(jst) → superreview+

    
  
Assignee: general → bzbarsky
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Windows XP → All
Priority: -- → P1
Hardware: PC → All
Summary: unable to clear the value of an input type="file" → [FIXr]unable to clear the value of an input type="file"
Target Milestone: --- → mozilla1.8alpha5

    
    

    
  
+  //check secuity

wanna fix that typo while you're at it? :) and maybe add a space after the //?

    
    

    
  
Comment on attachment 163894 [details] [diff] [review]
Like so

>-  //check secuity
>-  if (mType == NS_FORM_INPUT_FILE) {
>+  //check secuity.  Note that setting the value to the empty string is always

As long as you're changing this please fix the "secuity" typo.

Looks good to me, too.

    
    

    
  
Fixed on trunk.
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED

    
    

    
  
I just double-checked this with Firefox 1.0.6 on Windows 2000, and I think it
resurrected itself because I still get the NS_ERROR_DOM_SECURITY_ERR.  Is
IsEmpty() failing on a JavaScript-provided empty string or something?
Status: RESOLVED → REOPENED
Resolution: FIXED → ---

    
    

    
  

      
      
      
      

        Attached file
          
        testcase
      

    


  

    
    

    
  
If not mistaken, this was never checked in to the 1.0.x branch, see comment 10

    
    

    
  
indeed
Status: REOPENED → RESOLVED
Closed: 20 years ago19 years ago
Resolution: --- → FIXED

    
    

    
  
Yeah, that was it.  How embarassing.  I don't really know how to follow the
development branches (or find the code for them); will this be fixed in 1.5?

    
    

    
  
Yes. You can download Deer Park Alpha 2 or a nightly build to test.

    
    

    
  
*** Bug 293695 has been marked as a duplicate of this bug. ***

    
  
Component: DOM: HTML → DOM: Core & HTML
QA Contact: ian → general

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: