File input 'accept' attribute - is it useful?

前端 未结 8 1627
独厮守ぢ
独厮守ぢ 2020-11-22 02:30

Implementing a file upload under html is fairly simple, but I just noticed that there is an \'accept\' attribute that can be added to the

相关标签:
8条回答
  • 2020-11-22 03:09

    It's been a few years, and Chrome at least makes use of this attribute. This attribute is very useful from a usability standpoint as it will filter out the unnecessary files for the user, making their experience smoother. However, the user can still select "all files" from the type (or otherwise bypass the filter), thus you should always validate the file where it is actually used; If you're using it on the server, validate it there before using it. The user can always bypass any client-side scripting.

    0 讨论(0)
  • 2020-11-22 03:18

    If the browser uses this attribute, it is only as an help for the user, so he won't upload a multi-megabyte file just to see it rejected by the server...
    Same for the <input type="hidden" name="MAX_FILE_SIZE" value="100000"> tag: if the browser uses it, it won't send the file but an error resulting in UPLOAD_ERR_FORM_SIZE (2) error in PHP (not sure how it is handled in other languages).
    Note these are helps for the user. Of course, the server must always check the type and size of the file on its end: it is easy to tamper with these values on the client side.

    0 讨论(0)
提交回复
热议问题