Multiple upload in Gecko/WebKit: allow removal from list before upload
I'm trying to use the new multiple="multiple" attribute allowable on elements. So far this is supported by recent Gecko and WebKit browsers. I'm testing on Firefox 3.6 and Chrome 5.0.
I'm able to use it fine, and display the list of files (I used this as guidance). Rather frustratingly, however, it seems like it's impossible for the user to remove files from this list after they've been added. The only way is to click the "Browse..." button and choose a new set of files.
This is because the FileList object provided by the <input>
element is readonly, as mentioned in the spec (can't link - see the FileAPI TR over at the W3C's website).
There are of course workaround, like keeping a list of the "removed" items, uploading everything anyway and then ignoring the "removed" items. This is a bit dirty and could make uploading unacceptably s开发者_开发技巧low if lots of files are "removed".
Does anyone know of any other workarounds, or have any better ideas how to deal with this? The aim is to be able to use the "multiple" attribute, and allow users to remove files from the list prior to uploading.
I got an answer from Arun Ranganathan, the editor of the File API:
The programmer (using the File API to programmatically manipulate user's file selection) cannot contravene a user's decision. So the API does NOT allow the programmer to either add a file to the user's selections or delete a file from the user's selection. If we allowed this, this would be a gaping security hole. Bad Web Sites might be able to do Very Bad Things or at least Very Annoying Things. This is why the current paradigm does NOT allow any interaction with the underlying file system that is NOT user approved at least via the File dialog box (currently spawned with input type="file").
I agree that the FileList should reflect what the user initially selected in the file picker and that being able to add things to the FileList would be a huge security hole. I can't see that being able to remove things would cause such huge security issues, but I can see how it could be used for less than positive purposes.
精彩评论