开发者

Is the form element <input type="file"> dependent on external software to recognize filetypes to upload?

问答 作者:

I've been running into some unusual behavior in my upload form. It seems that the form won't recognize an office spreadsheet file unless office is installed on the client's machine. This doesn't make any sense to me but in Chrome, Firefox, and IE8 my upload fails to pass an XLSX file unless the client computer has Microsoft Office installed.

Is this normal? Is there a way around this?

Here's the basic form I'm using:

    <form enctype="multipart/form-data" method="post" action="<%=request.ServerVariables("SCRIPT_NAME")%>">
        <table>
            <tr>
                <th>XLS File </th>
                <td><input type="file" name="UploadXLS" value=""  style="width:300px" /></td>
            </tr>
        </ta开发者_开发百科ble>
        <p><button type="submit">Upload</button></p>
    </form>

edit

Here is the code that validates an xls or xlsx file:

if  NOT (trim(fileXLS.ContentType) = "application/vnd.ms-excel" _
    or trim(fileXLS.ContentType) = "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" ) _
then
    dictImportErrors.add "xlsContentType", "Spreadsheet file is not an XLS or an XLSX<br />Or, the file could be open in another location"
end if

fileXLS is an object comming from Persits.Upload dll in classic asp.

I don't know how MIME type detection works on Windows systems, but if you are using the MIME type sent by the browser, I suppose this behaviour makes sense. I suppose MS Office will inform whatever part of the operating system resolves file types to MIME types that files with the extension .XSLX are to be treated as application/ms-office-whatever. Browsers will have their own MIME type table but will rely on the operating system for unknown types.

However, relying on that MIME type is not a good idea anyway. It can be unreliable (as we can see) and it can be tampered with.

It would be more feasible to do a proper server-side check. For example, AFAIK, XSLX files are zipped collections of XML files, no? In that case, you could unzip the file and take a peek inside.

Re your edit: This seems indeed to be relying on the MIME type sent. It would be better to do a detection on server side. I'm not familiar with ASP though so I don't know what options for that exist. Chances are it is possible to detect a XLSX file without having to manually unzip it.

继续阅读:browserfile-uploadxhtml

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9