File select explained

In HTML, a file-select control is a component of a web form with which a user can select a local file. When the form is submitted (perhaps together with other form data), the file is uploaded to the web server. There, when the file arrives, some action usually takes place, such as saving the file on the web server. However, the particular action that takes place is determined by the server-side script to which the form is submitted.

Code example

Here is a code example of a web form with a file-select control. It is the input element with type="file" that creates the file-select control.

Rendering

When it comes to the rendering on the screen of a file-select control, there is some variation among web browsers. Typically, on a Windows-based platform, user agents will render a file-select control as a text field, together with a "Browse" button. When the "Browse" button is pressed, a file dialog opens, with which actual file selection on one's platform can take place. After selection, the filename of the selected file is displayed in the text field. Alternatively, instead of using the "Browse" button, the filename can be entered directly in the text field.

Some browsers, notably Firefox,[1] no longer allow a filename to be typed directly in. This is a security measure - it is possible to trick the user into uploading confidential information.[2]

Functionality

The mechanism for form-based file upload was originally proposed in RFC 1867 (published November 1995), as an extension to HTML 2.0 (RFC 1866), after its publication. Form-based file upload then was incorporated in HTML 3.2, which explicitly refers to RFC 1867 for further information on form-based file upload.

HTML 4.01 does not, in itself, describe how the file-select control is supposed to work, but it does list RFC 2388 and RFC 1867 as references.[3]

Multiple file selection

The intention in RFC 1867 is that a single file-select control should allow selection of multiple files. This intention seems reflected in HTML 4.01, which, for the file-select control- type, states[4]

This control type allows the user to select files so that their contents may be submitted with a form. The INPUT element is used to create a file select control.
It has been noted[5] that the plural "files" in the above quote is an indication that, in HTML 4.01, a single-file select-control still was supposed to handle selection of multiple files and not just a single file.This situation is being clarified in HTML5 by adding a "multiple" attribute when the file input should accept multiple files. The current draft specifies the new behavior to be:
Unless the multiple attribute is set, there must be no more than one file in the list of selected files.[6]

Accept attribute

RFC 1867 also introduced the accept attribute for the input element. This would enable file-type filtering based on MIME type for the file-select control.

In addition, it is proposed that the INPUT tag have an ACCEPT attribute, which is a list of comma-separated media types.
If an ACCEPT attribute is present, the browser might constrain the file patterns prompted for to match those with the correspondingappropriate file extensions for the platform.
Thus, a user-agent may restrict file selection, as, for example, in the following, restricted to GIF and PNG images or any images:On a Windows platform, this might mean that the user agent would show files only of the types specified in the browse-file dialog.

Browser limitations

Basic support for the file-select control was adopted quickly by browser vendors. For example, already Internet Explorer 4,[7]

Notes and References

  1. Web site: 388784 – (CVE-2007-3511) Firefox file input focus stealing vulnerability . Bugzilla.mozilla.org . 2013-09-02.
  2. Web site: Mozilla Firefox OnKeyDown Event File Upload Vulnerability . Juniper.net . 2010-11-15 . 2013-09-02 . https://archive.today/20130221164034/http://www.juniper.net/security/auto/vulnerabilities/vuln24725.html . 2013-02-21 . dead .
  3. Web site: HTML 4 Specification References . W3.org . 2013-09-02.
  4. Web site: Forms in HTML documents . W3.org . 2013-09-02.
  5. Web site: File input (or "upload") in HTML forms . Cs.tut.fi . 2013-09-02.
  6. Web site: HTML 5.1 specification . W3C.
  7. Web site: Browser History: Opera . Blooberry.com . 2013-09-02.
  8. Web site: on December 10, 2009 by Paul Rouget . multiple file input in Firefox 3.6 ✩ Mozilla Hacks – the Web developer blog . Hacks.mozilla.org . 2009-12-10 . 2013-09-02.
  9. Web site: Using files from web applications - MDC . Developer.mozilla.org . 2013-08-23 . 2013-09-02.
  10. https://www.w3.org/TR/html51/sec-forms.html#the-multiple-attribute HTML 5.1 specification: 4.10.5.3 Common input element attributes
  11. Web site: input type=file Object |publisher=Msdn2.microsoft.com |date=2013-07-22 |accessdate=2013-09-02}} Netscape Navigator] 2.0 and Opera 3.5[7] recognized the input element of type="file" as a file-select control.

    However, most modern browsers still do not implement the file-select control as it was intended, or lack certain features.

    Cannot select multiple files

    Form-based upload of multiple files with a single file-select control is supported in current versions of Chrome, Firefox, Internet Explorer, Safari and Opera. One source states that Opera supports multiple-file selection through a single file-select control. This was true for Opera versions starting from 3.5, in which the file-upload feature was introduced. However, with the first beta release of Opera 7, this function was no longer available. Firefox version 3.6 started supporting multiple-file selection,[8] allowing the developer some limited access to the files themselves prior to being uploaded to the server, via the HTML5 File API.[9] This feature also allows users to drag-and-drop files from external applications (such as Windows Explorer) directly into the web application. One notable example of support for this feature is Gmail allowing attachments to be added in this way.

    HTML5 allows multiple file uploads using the multiple attribute on input elements.[10]

    JavaScript alternative

    One solution is to use client-side scripting such as JavaScript for generating an extra file-select control for each file the user selects for upload. Using CSS, these extra file-select controls may be set not to display. An example of this technique is demonstrated in the Multiple File Upload plugin for jQuery. In this manner, the multiple-file upload problem is solved by providing as many file-select controls as the user has files to upload. Still, this does not solve the problem of selecting multiple files for upload in Internet Explorer.

    Accept attribute support

    The accept attribute is currently supported by Opera 11+, Chrome 16+, Safari 6+, Firefox 9+ and Microsoft Internet Explorer 10+.

    External links

    .