Tech Off Thread

4 posts

Forum Read Only

This forum has been made read only by the site admins. No new threads or comments can be added.

HtmlInputFile control-restricting file types

Back to Forum: Tech Off
  • User profile image
    sundararajan

    Dear Folks,
         I have used HtmlInfputFile control in my app for uploading the files. i want to restrict the file type to images only(.jpg).
      the HtmlInputFile.Accept Property
      that is available with the control does not seem to work properly in all the browsers.
      Is there any other way round for getting the same functionality with the support for all browsers.

    Thanks in advance...

    regards,
    sundararajan.S

  • User profile image
    W3bbo

    Only via Javascript. But then you can never trust the user's browser.

    What's wrong with doing the validation server-side?

    
    Dim File As System.Web.HttpPostedFile
    File = Request.Files("File")
    
    Dim strFilename As String
    strFilename = FunctionToRemoveAbsolutePathFromIEPostedFiles(File.Filename)
    
    If (Not strFilename.Endswith(".jpg") ) AndAlso (Not File.Mimetype = "image/jpeg")  Then
        Response.Write("Invalid filetype uploaded")
    End If
    
    

  • User profile image
    harumscarum

    Either use javascript to detect the extension onSubmit or detect it on the server side.


    me slowww...err what he said Go to fullsize image

  • User profile image
    Maurits

    Is this for anyone to be able to upload?  Or only employees on a corporate intranet?

    If it's for anyone I'd check ALL of the following...
    * File name ends in .jpg or .jpeg
    * MIME type as reported by the uploading browser is image/jpeg (or equivalents)
    * File data starts out with the standard prefix JFIF (or something - check a real .jpeg file in a hex editor)

    It is all too easy for a black hat to upload a .exe that has been renamed and misreport the MIME type.

    If you're going to be creating a file out of it, watch out for directory separators in the file name and overlong Unicode escapes etc.

Conversation locked

This conversation has been locked by the site admins. No new comments can be made.