<INPUT type='file' ...

[CapeMan]

I am aware that there are security issues involved with dynamically uploading files to an IIS server if one uses the <INPUT type=file name=XYZ /> tag

The above tag will place a textbox and Browse button onto your form. The user has to either enter a file name into the textbox or use the browse button to find the file.

At run-time, you can use javascript to create the <INPUT elements, but you cannot place a filename into the value attribute. That is a security breach.

Here is my question: Do you know how one can around this?

Thanks, Rich

 

[Kirilla]

Hi.

As I know the value property of an &quot;input type=file&quot; tag is read-only. There I found a defaultValue property, which'd work only from script, but it didn't work.(I couldn't use it)
Ideas:
1. Try to use the MsCommDlg common dialog box.
2. May be you can use Scripting.FileSystemObject with simple text tag.


regards, Kirilla