We need to check all the criteria that file upload defines on both the server side and the client side.
Otherwise an "attacker" could bypass the criteria by modifying client-side code.


On Thu, Feb 13, 2014 at 3:14 PM, Michal Petrov <richfaces-dev@lists.jboss.org> wrote:
{quote}
ad) new widget

We might want to do a more rigorous search for alternative widgets.

Let's collect requirements here:

* drag-drop
* progress indication
* file size limits
* rejection per file / mime-type

(practically all the things the original widget had, just client-side)
{quote}
I will take a look, but those requirements do not seem hard to implement if we needed to. Drop support in particular is just a listener for the drop event and can be easily added to the current fileUpload.

Concerning the server side, what are the requirements past sending the files to a servlet? Are we letting the user handle it?

Posted by forums
Original post: https://community.jboss.org/message/857511#857511
_______________________________________________
richfaces-dev mailing list
richfaces-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/richfaces-dev
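
The point made in the reply at the top of this thread, shown as an added example that is not code from the thread or from RichFaces: the server re-applies the size and type criteria itself and confirms the declared MIME type against the file's leading bytes. The class name `UploadPolicy`, the size limit and the allowed types are assumptions chosen for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.Map;

// Added example (hypothetical class): server-side re-check of upload criteria.
public class UploadPolicy {
    static final long MAX_BYTES = 1_000_000; // assumed limit, mirrored in the widget
    // Allowed MIME types mapped to the signature their content must start with.
    static final Map<String, byte[]> ALLOWED = new LinkedHashMap<>();
    static {
        ALLOWED.put("image/png",
                new byte[] {(byte) 0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A});
        ALLOWED.put("image/jpeg", new byte[] {(byte) 0xFF, (byte) 0xD8, (byte) 0xFF});
        ALLOWED.put("application/pdf", "%PDF-".getBytes(StandardCharsets.US_ASCII));
    }

    /** Returns null when the upload is accepted, otherwise the rejection reason. */
    static String check(String declaredType, byte[] body) {
        if (body.length == 0) return "empty file";
        if (body.length > MAX_BYTES) return "file exceeds size limit";
        byte[] magic = ALLOWED.get(declaredType);
        if (magic == null) return "type not allowed: " + declaredType;
        // The declared type is sent by the client, so verify it against the content.
        if (body.length < magic.length
                || !Arrays.equals(Arrays.copyOf(body, magic.length), magic)) {
            return "content does not match declared type";
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        byte[] png = {(byte) 0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A, 0, 0};
        byte[] text = "plain text, not an image".getBytes(StandardCharsets.US_ASCII);
        byte[] large = new byte[(int) MAX_BYTES + 1];

        System.out.println("png as image/png   -> " + check("image/png", png));
        System.out.println("text as image/png  -> " + check("image/png", text));
        System.out.println("png as text/html   -> " + check("text/html", png));
        System.out.println("oversized upload   -> " + check("image/png", large));
    }
}
```

In a real servlet the size cap should also be enforced while the request body is being read, so that an oversized upload is cut off before it is fully buffered.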