tags:

views:

87

answers:

2
Q: 

Getting around Firefox not passing the file path

I need a means of getting past Firefox's irritating refusal to pass the full path of a file selected using the input file element. This issue has come up in multiple other forums and I haven't found any solutions that are helpful.

What I want is a means, via javascript, to open a file dialog (without using the silly "hidden file input element that you just call click on" method because that doesn't solve anything). Then, when the user selects a file, I stow the full path in a regular text field. The question: is that feasible at all?

If not, I don't suppose anyone knows of a handy place to find all the properties and relevant functions to call on a javascript file object. For example

<input type="file" name="file_upload" onchange="alert(this.items.item(0).some_property)">

I found a handy list here but I'm keeping my fingers crossed that there's a property corresponding to a full file path (I know, wishfull thinking I'm sure). Anyways, comments are greatly appreciated (unless you just tell me to stop whining about something Firefox has no intention of fixing).

+5  A: 

Why would the server ever need to know the full path on the client?

Regardless of why, this is intentional behavior, as exposing this kind of information is a security risk.

It is highly unlikely to change, an any workarounds you may find may end up being shut down by browser writers as the security risks that they are.

Oded  2010-07-19 18:56:36
I'm working with a legacy document upload system that takes the uploaded path and splits it into 3 tokens: the file name, file extension, and file path. However, looking through the old code, I can't see anywhere in our system where the path is actually being used. The entire purpose seems to be on the level of: "hey, remember that file you just uploaded? No? Well here's the path, do you remember now?" Kind of useless so consider the question rescinded. Thanks for all the replies though - except for Byron Whitlock...what a punk :)
JDS  2010-07-20 13:40:10
+4  A: 

This is an intentional security feature and unlikely to go away.

Internet Explorer 8 does the same thing now:

Additionally, the “Include local directory path when uploading files” URLAction has been set to "Disable" for the Internet Zone. This change prevents leakage of potentially sensitive local file-system information to the Internet. For instance, rather than submitting the full path C:\users\ericlaw\documents\secret\image.png, Internet Explorer 8 will now submit only the filename image.png.

Flash-based uploaders like SWFUpload should be able to store the full path with some tweaking.

Unicron  2010-07-19 18:57:10

related questions

Autosizing Textarea
Regular expression for parsing links from a webpage?
What are good tools for creating compiled HTML help files (.chm)?
Looking for WYSIWYG HTML editor
Any reason not to start using the HTML 5 doctype?
HTML comments break down
HTML Comments Markup
Setting a div's height in HTML with CSS
Wrapping lists into columns
Is a "Confirm Email" input good practice when user changes email address?
<XMP> Tag
HTML version choice
Options for HTML scraping?
How do you disable browser Autocomplete on web form field / input tag?
How do I make a checkbox toggle from clicking on the text label as well?
Html CSS Editor
Wordpress theme development offline tools
How do I give my web sites an icon for iPhone?
In HTML, how to word-break on a dash?
Detecting font in JavaScript
How do you test layout design across multiple browsers/OSs?
How do I print an HTML document from a web service?
Multiple submit buttons on a HTML form
How can I determine a web user's time zone?
Why doesn't the percentage width child in absolutely positioned parent work in IE7?