Comments (4)
@drugarce Thanks for the clarification. I've reproduced this behavior on my side and created a corresponding ticket in our SC.
from devextreme.
Fixed in PR
from devextreme.
Hi,
The accept
option value is passed to the accept
attribute of the underlying input element. This attribute provides hints for the browser and doesn't validate the selected file type. E.g., refer to the elements with type='file'[link] article from MDN:
The accept attribute doesn't validate the types of the selected files; it simply provides hints for browsers to guide users towards selecting the correct file types. It is still possible (in most cases) for users to toggle an option in the file chooser that makes it possible to override this and select any file they wish, and then choose incorrect file types.
Because of this, you should make sure that the accept attribute is backed up by appropriate server-side validation.
You can validate the selected value in the valueChanged event handler as demonstrated in the code snippet below:
dxFileUploader({
onValueChanged: function(e) {
var files = e.value;
if(!isAllowedFiles(files)) { //check the file type here
e.component.option("value", e.previousValue); //if the file is unacceptable - return the previous value
}
}
})
from devextreme.
Hi @DokaRus ,
Thank you so much for looking into this. Perhaps you missed out on the bit that the scenario I described happens when using drag and drop to add a file to the upload control. Otherwise the widget works as expected when opening the native browser file selector.
Your suggestion to use the onValueChanged handler would work for Step 3 but not Step 2 in my original posting. For Step 2, the value array of the object (e) that the handler function receives is empty. The widget discards the file as not allowed before calling the value changed function.
Please check the _dropHandler function, you will see that on line 934 there is some filtering applied on the values (files) that are provided by the html input element. This filtering is not done properly, the problematic area is on lines 978-983 in the same file.
So once again, let's say the accept attribute is *.jpg
Based on the _isFileTypeAllowed
function, (978-983), a file with name "profile.JPG" will be treated as not allowed because the case of the extension does not match!
By the way, when using the native file selection dialog, the file with upper cased extension can be selected without problems, but if I drop the file on the widget, the file is ignored.
Furthermore, a file with name "profile.jpg.old" will be treated as allowed, because the ".jpg" portion is contained in file name. However, based on the accept attribute, the extension needs to be at the end of the file name, not anywhere in the file name.
from devextreme.
Related Issues (20)
- TreeList - Editing Form - Form not extended when the editors extends HOT 1
- ChainAlert: npm package release (21.2.5) has no matching tag in this repo HOT 2
- OnRowPrepared is being called repeatedly to the point of crashing the page. HOT 1
- Dropdown multiple selection css is broken HOT 1
- Problem With CustomStore Remove HOT 1
- Action Required: Fix Renovate Configuration
- improve typescript typing HOT 3
- popup elementAttr deprecation HOT 2
- dx.all.js:9 [Violation] 'setTimeout' handler took HOT 2
- DataGrid RowFilter OData Lookup Bug HOT 3
- [feat] Popup - add maximize/restore and collapse/expand buttons in toolbar HOT 1
- [feat] TreeList - export to excel HOT 1
- [feat] DateBox - allow selecting ranges HOT 1
- [Feat] DataGrid - allow user input in pager size selector HOT 1
- DevExtreme v22.2 in Angular v16 is missing "BrowserTransferStateModule" from @angular/platform-browser HOT 9
- Html Editor Predefined Items are missing in release version 23.1.2-alpha-23114-0308 HOT 2
- Changes to columnResizingMode in code is ignored if localstorage is used HOT 2
- DateRangeBox for zoom level year is glitchy HOT 2
- Overwriting default DataGrid settings in FileManger (React) HOT 2
- FileManager: change selection event raised on dir change is indistinguishable from the human-made one HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from devextreme.