<div dir="ltr">We need to check all the criteria that file upload defines on both, server-side and client-side.<div>Otherwise an "attacker" could bypass the criteria by modifying client-side code.</div></div><div class="gmail_extra">
<br><br><div class="gmail_quote">On Thu, Feb 13, 2014 at 3:14 PM, Michal Petrov <span dir="ltr"><<a href="mailto:richfaces-dev@lists.jboss.org" target="_blank">richfaces-dev@lists.jboss.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
{quote:modifiedtitle=true|class=jive_text_macro jive_macro_quote}<br>
<div class="">ad) new widget<br>
<br>
<br>
<br>
we might want to do more rigorous search for alternative widgets.<br>
<br>
<br>
<br>
Let's collect requirements here:<br>
<br>
<br>
<br>
<br>
*<br>
drag-drop<br>
<br>
<br>
*<br>
progress indication<br>
<br>
<br>
*<br>
file size limits<br>
<br>
<br>
*<br>
rejection per file / mime-type<br>
<br>
<br>
<br>
<br>
<br>
(practically all things original widget had, just client-side)<br>
</div>{quote}<br>
I will take a look but those requirements do not seem hard to implement if we needed to. Drop support in particular is just a listener for drop event and can be easily added to the current fileUpload.<br>
<br>
Concerning the server side what are the requirements past sending the files to a servlet, are we letting the user handle it?<br>
<br>
Posted by forums<br>
Original post: <a href="https://community.jboss.org/message/857511#857511" target="_blank">https://community.jboss.org/message/857511#857511</a><br>
<div class="HOEnZb"><div class="h5">_______________________________________________<br>
richfaces-dev mailing list<br>
<a href="mailto:richfaces-dev@lists.jboss.org">richfaces-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/richfaces-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/richfaces-dev</a><br>
</div></div></blockquote></div><br></div>