Home Dashboard Directory Help
Search

Internet Explorer 9 forbids access to security irrelevant details for an upload by MehmetMemo


Status: 

Closed
 as Won't Fix Help for as Won't Fix


Type: Bug
ID: 790482
Opened: 6/19/2013 9:29:18 AM
Access Restriction: Public
0
Workaround(s)
view
0
User(s) can reproduce this bug

Description


IE <= 9 does not allow reviewing basic attributes of a file being submitted (mimetype, filename, size) without the use of an ActiveX control. For these very basic and security irrelevant attributes under very secure locked down desktops there is are nasty user experience costs. A user must submit and wait for file validation, potentially of very large files before they find out if the document is acceptable. Thereafter, for security, IE clears the file input field (important for XSS).

Example utilizing jquery 1.9.1 and jquery-ui:

$('body').delegate('input#myuploadfield','change',
     function(evt){
        issues = 0;
        var file = this.files[0] //IE is the only browser that doesn't handle this
     if(file.name.length < 1 ){ //who cares }
    else{ if(file.size > (1024 * 1024*20){
     //flag issue, add issue text
    }
    //... add code for file.type, etc
if(issues){
     $('<div />').html(issues).dialog({modal:true,title:"Bad file!",buttons: { "Ok, I'll select a new file":function(){ $(this).dialog('close'); }
     $('#myupload').val('');
}
Details
Sign in to post a comment.
Posted by Microsoft on 6/28/2013 at 12:04 PM
Thank you for your feedback.

Although we value all feedback from the community, at this time we're not going to change the behaviour of IE9 and previous browsers to improve this scenario.

In general, we focus the majority of our effort making the best new browser, and making changes to old browsers only when those changes have great scope and depth of impact or if the change fixes a security problem that would otherwise put our users at risk.

We continue to welcome your Feedback as it helps us improve Internet Explorer.

Best Regards,
IE Beta Feedback Team
Posted by Microsoft on 6/21/2013 at 8:21 AM
Thank you for your feedback.

In order to expediate the investigation of this issue, please attach a sample page or url that reproduces this issue.

Best regards,

The Internet Explorer Team
Sign in to post a workaround.