[thelist] Local path of uploaded file

Lee Kowalkowski lee.kowalkowski at googlemail.com
Wed Oct 28 08:24:13 CDT 2009


2009/10/28 Roel Mulder <roel.mulder at gmail.com>:
> My question is: how do I keep the local path + file name in the <input
> type="file" /> input field?

It's not possible; otherwise, an attacker would be able to craft a
form that automatically submits and uploads files without a victim's
knowledge.

You should try to match your validation in JavaScript if possible to
help prevent this situation.

-- 
Lee
www.webdeavour.co.uk
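
An added example, not part of the original post, of the approach suggested above: run the server's checks in JavaScript before the form is submitted, so a failed validation never reloads the page and clears the file input. The limits, allow-list, form id and field names are assumptions, and the server must still repeat every check, since client-side code can be bypassed.

```javascript
// Added example. RULES, the form id and the field names are assumptions;
// keep the values identical to what the server enforces.
const RULES = {
  maxBytes: 2 * 1024 * 1024,            // assumed server-side size limit
  allowedExt: ['.jpg', '.png', '.pdf'], // assumed server-side allow-list
};

// Pure function so the checks can be tested outside a browser.
// `file` is a File, or any object with { name, size }.
function validateUpload(fields, file, rules = RULES) {
  const errors = [];
  if (!fields.title || !fields.title.trim()) errors.push('title is required');
  if (!file) {
    errors.push('no file selected');
    return errors;
  }
  const dot = file.name.lastIndexOf('.');
  const ext = dot === -1 ? '' : file.name.slice(dot).toLowerCase();
  if (!rules.allowedExt.includes(ext)) {
    errors.push('file type not allowed: ' + (ext || '(none)'));
  }
  if (file.size === 0) errors.push('file is empty');
  if (file.size > rules.maxBytes) {
    errors.push('file exceeds ' + rules.maxBytes + ' bytes');
  }
  return errors;
}

// Browser wiring: cancel the submit while errors remain. The page is not
// reloaded, so the user's selection stays in the <input type="file">.
// Script cannot restore it afterwards: browsers refuse to let a page set
// a file input's value to a path.
if (typeof document !== 'undefined') {
  const form = document.querySelector('#upload-form'); // hypothetical id
  if (form) form.addEventListener('submit', (ev) => {
    const errors = validateUpload(
      { title: form.elements.title.value },        // hypothetical field
      form.elements.attachment.files[0]            // hypothetical field
    );
    if (errors.length) {
      ev.preventDefault();
      form.querySelector('.errors').textContent = errors.join('; ');
    }
  });
}
```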


