To be fair, Derek, you are following a long tradition. I think there was even a challenge on the Internet to do this. However, you are wrong. I DO it all the time. You need to think out of the box. I have given you the solution. I can give you code, but it is interesting and instructive (to me) listening to people who say it CANNOT be done. The going wisdom is that it cannot be done. This is fairly important to the GUI makers, because the given browser buttons are bad. However, Michael McGrady solved this problem sometime this last year. http://www.michaelmcgrady.com/file_browse_images.jsp See below for more bellowing. ;-)
On Wed, 22 Dec 2004 10:08:27 -0400, Derek Broughton <[EMAIL PROTECTED]> wrote: > On Wednesday 22 December 2004 02:29, Dakota Jack wrote: > > There actually are a lot of things you can do with this that are not > > obvious and are consistent with what seems to be impossible. You can > > actually get around almost all of the restrictions on <input > > type='file'> without breaking security. You just create GUI facades > > with span styles. This can allow you to actually make a person think > > they are uploading a file when in fact they are just sending the file > > name to the server, etc. This is also used to insert images in the > > place of file upload browser based buttons. > > afaik, Eddie's right. You not only CAN do this, Derek, but also I DO do it. Eddie is both right and wrong. You cannot do it the way you and Eddie are thinking. You cannot, thankfully, beat the security requirements so far as I know. That is irrelevant. If you get out of the box and use span styles, you can do it. You have to be able to think about the problem clearly and differently. Did you given any thought to using span styles once that was mentioned as a solution? I think you did given your comments, but you seem to let pessimism rule the speed of your thinking about it. Just forget that you are bound to the idea of "NO" and think about what you can do with span styles if you don't think "NO". Think, "YES". You think of the question as how to beat the security requirements. Think rather about what the real question is. The real question is about what you want to achieve. Once you think this way, it is all very, very easy. >Last time we kicked this around on an HTML discussion > forum, we couldn't find a way to obscure, in any way, the actual file > "browse" button. YOU couldn't, whomever the "we" is that did the "kicking around" on the HTML discussion forum, but I could and did. ;-) Again, break out of the box you are in. >There's been significant changes in all the major browsers > since then, so things could have changed, but I would doubt any such changes > are intentional. The solution (span styles) has nothing to do with browsers except that those that don't support span styles (Opera) are excluded from the solution. I don't know if browsers other than Opera are excluded. So far, I am seemingly okay with this. > > If you overlay the browse button with an image, the button doesn't receive the > onClick event. You are jumping to "NO". The real answer is "YES". I can provide code I use everyday to upload files that does this. > There is no way for any other control to click the button > programmatically. This is only "no way" that YOU could see. I DO this all the time. You are stuck on "NO". ;-) I hope I am not becoming monotonous, but really all you are doing is saying you cannot do it. I am saying not only that you CAN but that I DO. > Similarly, you can overlay the actual filename box, but > nothing is permitted to programmatically change the contents of the filename. Again, you are too limited to your vision. I DO this all the time in a way you are not thinking about. There are different ways of looking at this. You are bound to the "NO" look and so you describe what you want to do that way. That leads to the "NO" that you started with. If you want to programmatically change something, then change something that can be changed and quit trying to change what cannot be changed. Think out of the box. > > Yes, you can make it look as if you upload a file while sending just the name > (other than by just leaving off the "enctype" attribute) - it's possible to > read the contents of the filename box and change another object's value - you > just can't write to the filename. > > You should, however, be able to programmatically submit the form, once the > user has filled in the filename, so you can stick an image over that button > (but then you could use an image button directly). Yes, I can do this too. Once again, I DO it all the time, Derek. Jack -- "You can lead a horse to water but you cannot make it float on its back." ~Dakota Jack~ "You can't wake a person who is pretending to be asleep." ~Native Proverb~ "Each man is good in His sight. It is not necessary for eagles to be crows." ~Hunkesni (Sitting Bull), Hunkpapa Sioux~ ----------------------------------------------- "This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation." --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
