[Webkit-unassigned] [Bug 63388] New: Using FormData to upload a DataTransferItem generated random filename
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sat Jun 25 13:24:05 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=63388
Summary: Using FormData to upload a DataTransferItem generated
random filename
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
OS/Version: Unspecified
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: Platform
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: amla70 at gmail.com
With https://bugs.webkit.org/show_bug.cgi?id=58106 it's possible to get access to a pasted image in the paste event and as explained here http://lists.whatwg.org/pipermail/whatwg-whatwg.org/2011-March/030881.html it's a Blob
Then that Blob can be send to the server with FormData:
var formdata = new FormData();
formdata.append("upload", file);
xhr.send(formdata);
But that will set only the name of the form element ("upload") that can be used at the server to read the file. The filename itself will be a random string like Blob8edfed3b35de4b39a42a69f96081e5d1 that doesn't include even the '.png' extension
So if the server is performing some basic filtering according to the uploaded filenames, that file will be rejected.
If the server doesn't add itself the '.png' extension, then it might not be sent back when the client request it (due to a security policy to not send unknown file types)
Possible solutions:
Generate a more useful automatic filename
allow to specify a filename in the formdata.append, or the blob
allow to get the whole blob as a string and then perform a sendAsBinary like Firefox where we can build the exact form specifying everything
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list