HTML5 -> 'input' tag -> 'accept' attribute
HTML5 -> 'input' tag -> 'accept' attribute
I'm a little confused with this attribute, it doesn't appear to do anything?
OK, in IE it has the drop down pre-filtered, but it doesn't work in FF and both still let you select any file you wish.
It will also still allow you to submit a form with a file that is invalid and not an acceptable file type.
Am I missing something or does this HTML5 attribute simply not work in any browser currently?
"In complete darkness we are all the same, it is only our knowledge and wisdom that separates us, don't let your eyes deceive you."
"If a shortcut was meant to be easy, it wouldn't be a shortcut, it would be the way!"
Free Electronic Dance Music
RE: HTML5 -> 'input' tag -> 'accept' attribute
It limits what the dialog shows. But it can easily be overridden.
BTW, it works for me on FF and Chrome on Windows and Ubuntu. And IE on Windows to filter the files.
----------------------------------
Phil AKA Vacunita
----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.
Web & Tech
RE: HTML5 -> 'input' tag -> 'accept' attribute
I was hoping to only have to check file type once client side, but it seems the shim I'm using isn't working with the options argument (though I may be passing it incorrectly), and now even those that do handle the HTML 5 attribute, don't actually lock down the file type.
Bit odd as the attribute is called 'accept' not 'filter'.
Oh well, looks like I still need to code client side validation on top of this attribute as well as the usual defensive server side coding.
Thanks for the clarification Phil, appreciated.
"In complete darkness we are all the same, it is only our knowledge and wisdom that separates us, don't let your eyes deceive you."
"If a shortcut was meant to be easy, it wouldn't be a shortcut, it would be the way!"
Free Electronic Dance Music
RE: HTML5 -> 'input' tag -> 'accept' attribute
Oooh no, dangerous client side that check is.
But seriously not checking server side, preferably by content type (MIME) allows such things as filename.php.jpg or filename.pl.png to be uploaded which will execute as PHP and Perl scripts respectively.
Chris.
Indifference will be the downfall of mankind, but who cares?
Time flies like an arrow, however, fruit flies like a banana.
Webmaster Forum
RE: HTML5 -> 'input' tag -> 'accept' attribute
I was hoping HTML5 'accept' would prevent invalid files being submitted and then I only need the usual server side checking.
It seems I still need to write stuff client side as well as server side.
I wasn't implying I only wanted to do it once on the client side leaving the web service vulnerable!
"In complete darkness we are all the same, it is only our knowledge and wisdom that separates us, don't let your eyes deceive you."
"If a shortcut was meant to be easy, it wouldn't be a shortcut, it would be the way!"
Free Electronic Dance Music
RE: HTML5 -> 'input' tag -> 'accept' attribute
Basically there's no way to know what the user is submitting until it reaches the server.
----------------------------------
Phil AKA Vacunita
----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.
Web & Tech