We need to check all the criteria that file upload defines on both the
server side and the client side.
Otherwise an "attacker" could bypass the criteria by modifying client-side
code.
On Thu, Feb 13, 2014 at 3:14 PM, Michal Petrov <
richfaces-dev(a)lists.jboss.org> wrote:
{quote}
ad) new widget
we might want to do a more rigorous search for alternative widgets.
Let's collect requirements here:
* drag-drop
* progress indication
* file size limits
* rejection per file / mime-type
(practically all things the original widget had, just client-side)
{quote}
I will take a look, but those requirements do not seem hard to implement if
we needed to. Drop support in particular is just a listener for the drop event
and can be easily added to the current fileUpload.
Concerning the server side, what are the requirements past sending the
files to a servlet? Are we letting the user handle it?
Posted by forums
Original post:
https://community.jboss.org/message/857511#857511
_______________________________________________
richfaces-dev mailing list
richfaces-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/richfaces-dev
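
The point made in the reply at the top of this message, as an added example that is not code from the thread or from RichFaces: a server-side check that re-applies the size and type criteria to the bytes actually received, because the declared type and any limit enforced in the browser can be changed by whoever controls the client. The class name, the size limit and the accepted types are assumptions chosen for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Map;

// Added example: server-side re-check of upload criteria (hypothetical names and limits).
public class UploadPolicy {
    static final long MAX_BYTES = 1024; // assumed limit, kept small for the demo

    // Accepted types and the leading bytes their content must start with.
    static final Map<String, byte[]> MAGIC = Map.of(
        "image/png", new byte[] {(byte) 0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A},
        "application/pdf", "%PDF-".getBytes(StandardCharsets.US_ASCII));

    /** Returns null when the upload is accepted, otherwise the rejection reason. */
    static String check(String declaredType, byte[] content) {
        if (content == null || content.length == 0) return "empty file";
        // The size is measured on the received bytes, not taken from a client field.
        if (content.length > MAX_BYTES) return "file too large";
        // Map.of maps reject null keys, so test for a missing type first.
        byte[] magic = declaredType == null ? null : MAGIC.get(declaredType);
        if (magic == null) return "type not allowed";
        // The declared type is only a claim; compare it with the content itself.
        if (content.length < magic.length) return "content does not match declared type";
        for (int i = 0; i < magic.length; i++) {
            if (content[i] != magic[i]) return "content does not match declared type";
        }
        return null;
    }

    static void report(String label, String declaredType, byte[] content) {
        String reason = check(declaredType, content);
        System.out.println(label + ": " + (reason == null ? "accepted" : "rejected, " + reason));
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not taken from the thread.
        byte[] png = {(byte) 0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A, 0, 0};
        byte[] text = "plain text".getBytes(StandardCharsets.US_ASCII);
        report("png sent as image/png", "image/png", png);
        report("text sent with an image/png label", "image/png", text);
        report("text sent as text/plain", "text/plain", text);
        report("oversized body", "image/png", new byte[(int) MAX_BYTES + 1]);
        report("no declared type", null, png);
    }
}
```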