different way to upload file - file

Is there a way to upload a file by copying a file from the desktop and pasting it into a text input which will obviously just display the filename, rather than going through the file window and selecting the file?

Talking about web applications, that could be possible if you install a custom ActiveX object or even a Java applet, or maybe trying to exploit a browser vulnerability. But, most straight way to do that will be using a <input type='file'>
For client applications, you can do that, if your current user have appropriate permissions, like accessing your file system and accessing your web server through HTTP.
Anyways, you must provide more details to get more concrete answers.

I think this is not possible and should not be possible as this is a security issue. Consider the following scenario:
A malicious site example.com shows you a harmless looking form where they have hidden such a file upload textfield with the already inserted value '/etc/passwd'. They have used either a hidden_field or just display:none with CSS.
You fill in the form and submit without knowing you have also sent a file.

Related

Invoke File save as prompt while Downloading in ExtJS

I want to invoke the file save as prompt while allowing the user to download a file in ExtJS from a URL.
Basically the idea is to allow the user to change the file name and select his desired location before saving the file on their machine.
Is there any way I could do this?
I do not want to use:
A server side code to send the headers.
Nor do I want to use the Flash-based Downloadify library to do this.
Also, <a> tag's "download" attribute does download the file, but it does not prompt the dialog box if the browser settings are not set right.
Is there any way apart from the above where we could handle the file download in our application?
No, it cannot be done with javascript alone due to the security restrictions of the contemporary browsers. You can read files but I have no knowledge of a way to save files directly from the javascript alone.
If your "I do not want tos" are not that strict, here you can find an example of file downloading. The essence is to send "Content-Disposition: attachment" header.

download file which redirects?

I've tried to search for this both on Google and StackOverFlow, but simply can't find what I'm looking for, it might be that it's simply not possible, but thought I would ask anyway.
I'm looking for a way to make a file redirect the user to another page, the user would download the file by clicking on a button.
It's for a Prestashop downloadable product, I'm trying to redirect the user to another part of our site (which isn't directly visible) to be able to view magazines, etc. in a viewer.
Now Prestashop is natively set up to download the file, which is what we don't want, hence the use of the viewer, but there is no way to simply provide a link to send the user to instead of a physical file, like a PDF or something. I can't really modify the button as its generated by Prestashop, and if I add a PDF file with the link in there it defeats te purpose as I dont want people having the link in a document (I know they can find it from their history and so on). Hence I thought it would be easier to do it with a document that redirects if possible.
So in short, is it possible to make a file that would send people to a certain web page once they open/download this file on/to their computer?
And if yes, how would one go about it?
Can you make the user download an HTML file? If so, you can use "meta refresh" to redirect the user to your private page.
This does mean the unprotected link will be visible in downloaded HTML file - perhaps you can obfuscate this with JavaScript to make it a little more difficult for users to find your protected URL.
http://www.w3.org/TR/WCAG20-TECHS/H76

IE file download box get location

i am currently working on a issue where i need to get location of the file downloaded.First let me explain the scenario.
I placed a link in my page and when user clicks the link it shows file download dialog with open/save/cancel options in IE.Now when the user clicks on the save button and choose a location to save the file i need to get that file saved location using whatever options possible.
Thanks!
I do not think you can... at least not easy. This runs on the client, and for security reasons you can not acces the client's filesystem with javascript.
Maybe it is however possible using a flash or silverlight plugin, as the user can allow access from within these applications to the local filesystem. It might be very difficult tho...
The browser will not allow you to access information about the clients filesystem.

Silverlight and XtraReports - opening generated PDF report in new tab in browser

I'm trying to send a PDF file from a WCF to silverlight client. PDF is generated by DevExpress XtraReports (in method XtraReport CreateReport(string reportTypeName, RootGenericReportParameterContainer reportInformation)).
Acually PDF is saved somewhere on clients computer after choosing save path in file save dialog - DevExpress takes care of everything - but I don't have a clue how to open the PDF in new tab in browser.
And here is another problem. Silverlight 4 has no access to local file system right? So information about local PDF location is useless. Maybe it would be better to save the PDF in WCF and send a link to it to the client - but how?
I would first question why you need to send the file to the Silverlight client. Get rid of that requirement and the solution becomes much simpler. Silverlight can provide a link that opens a new browser tab. That link would be handled by the web domain, processing it as an HttpHandler, generating the PDF file for the browser. Your PDF url doesn't have to reference a physical file, you can still generate it on request, handle querystring values, etc... Lots of different ways to do this.
Seems that the question isn't really about DevExpress or Silverlight - you're just looking to open a [document of some kind] in a new tab. Each browser natively handles things differently, and users can change tab handling to whatever they want. And (as you mentioned) once the user has downloaded the file, you no longer control it.
Your best bet (and the way I do it) is probably to have a link pointing to a handler/file using "target='_blank' " in the anchor tag on the webpage. From the server side, you would want to set the "Content-Disposition" header to "Inline" to indicate to the browser that the document should be displayed in place instead of downloaded ("Attachment").

silverlight in html EMAIL body

I have a news letter which i did in silverlight, is there a way to send it in email. like as you include html tags, is there a way to include silverlight xap package in it.
Probably better to reference a webpage containing your silverlight content.
Technically, you could put the path to the .xap hosted on a website into an HTML email body, but nearly all mail clients will not display this - most even prevent images from loading by default.
Most email systems will prevent you from embedding active content like SilverLight, as it presents a security risk. Your only option probably is to put your SilverLight app on the web, and just email a link to it.
Don't if you want your newsletter to be read by anyone. See this article for a good list of do's and don'ts when sending emails.
Don't listen to those guys, they're probably FlashHeads... ;)
Besides that they give up too easily. More power to ya!
I assume this newsletter is for an audence that specifically desires your content: i.e a club or similar organization that doesn't have a windows based webserver.
What you do is attach the file in such a way that they drag a zip containing the files that would normally be served from a website to the hard drive - right click - extract all then they run it by clicking on an HTML file with .htm extension that hosts the silverlight plugin instead of an aspx file.
One note that probably won't matter to you is that without a server backing this up the content can't really send you back any info but it CAN get dynamic info that comes from say RSS feeds or WCF services hosted on the web.

Resources