How to restrict file type (e.g. .pem, .cer) using in HTML5. The accept tag does not serve the purpose fully, as I can type some other file type and the file gets uploaded. The field is of input type "file".
如何限制在HTML5中使用的文件类型(例如.pem, .cer)。accept标记没有完全满足这个目的,因为我可以键入其他文件类型,然后文件就会被上传。输入类型为“file”。
3 个解决方案
#1
1
For example all audio types:
例如所有音频类型:
<input type=file accept="audio/*">
1 audio type:
1音频类型:
<input type=file accept="audio/mp3">
#2
0
HTML5 does not provide a way to exempt specific file types.
HTML5并没有提供一种免除特定文件类型的方法。
#3
0
Q. How to restrict file type in HTML5?
如何限制HTML5中的文件类型?
This is not possible in a fool-proof way.
这在万无一失的情况下是不可能的。
Q. Why?
问:为什么?
- The
acceptattribute on theinputtag is only a helper attribute. It is not a validation tool (see the tip on this page that clarifies this). Therefore, expecting theacceptattribute to validate the files is unrealistic. - 输入标签上的accept属性只是一个helper属性。它不是一个验证工具(请参阅本页上澄清这一点的技巧)。因此,期望接受属性来验证文件是不现实的。
- Support for the
acceptattribute varies across web browsers (even their latest versions) so another reason not to depend on this attribute for validating files being uploaded. - 对accept属性的支持在不同的浏览器(甚至是它们的最新版本)上有所不同,因此另一个不依赖于此属性的原因是验证文件被上传。
- There is no other mechanism in HTML5 to validate file uploads.
- HTML5中没有其他机制来验证文件上传。
- Even if the client (web browser) could enforce file extensions, users can always rename files to an acceptable format and upload them. For example, if HTML could restrict upload to PDF files, nothing stops the users from renaming EXE files to PDF and uploading them.
- 即使客户端(web浏览器)可以强制执行文件扩展,用户也可以将文件重命名为可接受的格式并上传。例如,如果HTML可以将上传限制为PDF文件,那么没有什么可以阻止用户将EXE文件重命名为PDF并上传它们。
Q. So what's the solution?
那么解决方案是什么?
Always validate data on the server-side. Uploads are no different than other types of data. Even if there are safeguards on the client to validate data, it must always be validated on the server side. Use the client-side options as helpers but don't overly rely on them.
始终在服务器端验证数据。上传与其他类型的数据没什么不同。即使客户机上有验证数据的安全措施,也必须始终在服务器端进行验证。使用客户端选项作为助手,但不要过度依赖它们。
#1
1
For example all audio types:
例如所有音频类型:
<input type=file accept="audio/*">
1 audio type:
1音频类型:
<input type=file accept="audio/mp3">
#2
0
HTML5 does not provide a way to exempt specific file types.
HTML5并没有提供一种免除特定文件类型的方法。
#3
0
Q. How to restrict file type in HTML5?
如何限制HTML5中的文件类型?
This is not possible in a fool-proof way.
这在万无一失的情况下是不可能的。
Q. Why?
问:为什么?
- The
acceptattribute on theinputtag is only a helper attribute. It is not a validation tool (see the tip on this page that clarifies this). Therefore, expecting theacceptattribute to validate the files is unrealistic. - 输入标签上的accept属性只是一个helper属性。它不是一个验证工具(请参阅本页上澄清这一点的技巧)。因此,期望接受属性来验证文件是不现实的。
- Support for the
acceptattribute varies across web browsers (even their latest versions) so another reason not to depend on this attribute for validating files being uploaded. - 对accept属性的支持在不同的浏览器(甚至是它们的最新版本)上有所不同,因此另一个不依赖于此属性的原因是验证文件被上传。
- There is no other mechanism in HTML5 to validate file uploads.
- HTML5中没有其他机制来验证文件上传。
- Even if the client (web browser) could enforce file extensions, users can always rename files to an acceptable format and upload them. For example, if HTML could restrict upload to PDF files, nothing stops the users from renaming EXE files to PDF and uploading them.
- 即使客户端(web浏览器)可以强制执行文件扩展,用户也可以将文件重命名为可接受的格式并上传。例如,如果HTML可以将上传限制为PDF文件,那么没有什么可以阻止用户将EXE文件重命名为PDF并上传它们。
Q. So what's the solution?
那么解决方案是什么?
Always validate data on the server-side. Uploads are no different than other types of data. Even if there are safeguards on the client to validate data, it must always be validated on the server side. Use the client-side options as helpers but don't overly rely on them.
始终在服务器端验证数据。上传与其他类型的数据没什么不同。即使客户机上有验证数据的安全措施,也必须始终在服务器端进行验证。使用客户端选项作为助手,但不要过度依赖它们。