Because of security concerns in several browsers, accessing the Filepath of files selected via an HTML input element isnt‘ that easy. This article is to describe the circumstances how Firefox 3 and Internet Explorer 7 (I E7) handles it.
Why should you need the Path of the file: Think of Intranet applications where files are stored on companywide fileservers. Sometimes editors want to provide links to these files in the CMS, without writing or copying the filepath into a textfield. A normal Fileupload form can do the trick.
This is the HTML construct i am talking about:
<input id="thisFile" name="Datei" size="50" maxlength="100000" accept="text/*" type="file">
IE7: Microsoft says in an Article in MSDN about the value Property of the input Element: The value property returns only the file name and not the path of the file to machines outside the local machine security zone. For more information on security zones, see About URL Security Zones.
Thats only half the truth, in IE7 it was perfectly working for pages in the normal Internet security zone, it directly delivers the path + the filename (e.g. C:\\my directory\my filename.doc). The reason is simple: the Security Zone the script is in, in my case the zone „Internet“, has the correct rights initially set:
"Verschiedenes -> Lokalen Verzeichnispfad beim Hochladen von Dateien auf einen Server mit einbeziehen" -> is set to true
which translates to something like „Send the locale filepath during file uploads“. Probably for future versions of IE7 this might change, so take into account to rollout the configuration changes in your company intranet.
In Firefox 3, there was a long discussion taking place about this security issue. The result: Firefox 3 doesnt provide the filepath in default mode. The script has to request expanded privileges:
Additionally, the user must enable security warnings to appear (type in „about:config“, search for „signed.applets.codebase_principal_support“ and set it to true). A user is then presented with a security warning and has to allow the script manually. The complicated procedure makes it only desirable for Intranets. After that, the script will get the full path of the file.
Here is a script is used for testing:
<form action="input_file.htm" method="post" enctype="multipart/form-data"> <p>Choose a file:<br> <input id="thisFile" name="myfile" size="50" maxlength="100000" accept="text/*" type="file"> <a onclick="netscape.security.PrivilegeManager.enablePrivilege ('UniversalFileRead'); alert(document.getElementById('thisFile').value)" href="#"> Show File Location</a></p> </form>