I'm using rich:fileUpload in my application on linux when I try to upload any file containing html code in file name i.e "file<img src=xyz onerror=alert('TEST')>Name.png", it gives me javascript alert before uploading the file. I tried it on live demo and found the same issue there as well. How can I restrict/escape execution of html/script or XSS in file name on linux?
You can try it yourself by following steps on linux.
Create a file with name "file<img src=xyz onerror=alert('TEST')>Name.png"
Access rich:fileUpload demo on richfaces showcase using below url.
Upload file and you will see a javascript alert.
http://showcase.richfaces.org:8000/richfaces/component-sample.jsf?demo=fileUpload&skin=blueSky
I try to upload any file containing html code in file name i.e
"fileName.png".
You are saying html code in file name, but I don't see any html in "fileName.png".
If I'm not wrong file name should be something like file<img src=x onerror=alert('Javascript')>.pdf.
Related
I have a html file under my war folder in the project ,
I just want to access that file From the path "/myhtml.html"
and then replace whatever is in this file from a new text "Some new Text"
so that My html file now will only have "some new text" there .
I searched alot for this , but they provide example for changing a specific div etc in a file , but i just want to replace everything in a file which is present under a war folder.
I understand that you are trying to change the content of HTML files using Javascript that is running in the browser.
Front-end Javascript can't access local files that are stored on your machine. It would be a security disaster if it could. The only way Javascript can read with local files is using a file upload input, and it will only be able to read the files not update/overwrite them.
NodeJS however is capable of accessing the local file system. NodeJs is backend JavaScript so it will be running on a server.
I have an HTML file with JavaScript that I am running without any Webserver/host so I am just opening the file in a browser local to my windows PC. In that HTML file I would like to be able to read a text file in the same folder as the html file. That file will contain data in rows and columns separated with tabs. i.e
1 a
2 b
3 c
I want to keep this as simple as possible so all I have to do is share the HTML and Text file to others so the can open it up local to their computer without any webserver/host and without having to also copy of external libraries like node.js or jquery.
I have searched and tested everything I can find but either I need to reference an external library or I have to run it in a webserver or I need to click a button to load the file through the browser, none of what I want.
Does native JavaScript support the function to read a text file and save it to an array? If so, any code direction would be great.
https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest
XMLHttpRequest() exists in native JavaScript, I think it will help you.
You also can send a request to the file. Or use library: axios.js because when you use XMLHttpRequest() you lose many time to write code which just get content from file, with axios I got file content with one line: `axios.get('file.txt').then(result => console.log(result.data));
To connect Axios: <script src="https://unpkg.com/axios#0.18.0/dist/axios.min.js"></script>
You can read official documentation about axios.js and XMLHttpRequest() in the net.
I am trying to upload a file using HTML File Input ().
But even if I pass to it's accept property valid mimetypes for photoshop files e.g. application/psd/application/photoshop/application/x-psd/image/psd/image/x-psd etc. it doesn't recognize the type and doesn't show corresponding files in the explorer.
But then I try to use All Files and get the File right. But there is no FileType in it. It's showing "" empty string like this. For which I am failing to identify the file in the server.
I tried a lot to find a solution for this but failed. Am I missing something or HTML File Input doesn't support that? Or I'll have to do something else for that?
Is there any other way of getting around with that?
i'm trying to upload excel file from local system using the method Choose File
when i run this code
click element ${btn_upld}
Choose File //input[#id="upload-i"] C:/Users/AUTOMATISATION/gm/Import.csv
click element //*[#value="Upload"]
the following error "InvalidElementStateException: Message: invalid element state" is displayed on ride tool
Any help please ?!!
Try following code
If your executing it on Windows
Choose File xpath=//input[#id="upload-i"] C:\\Users\\AUTOMATISATION\\gm\\Import.csv
If your executing on linux
Choose File xpath=//input[#id="upload-i"] C://Users//AUTOMATISATION//gm//Import.csv
If there is error let me know
Need your kind assistance in fixing the file rename issue. I am using ckeditor to manage the content. When i upload an image say 'blue-kpi.png' and again if i try to upload the same image it renamed the file to 'blue-kpi(1).png'.
This works fine. I want no alert message should be displayed it directly upload the file without any alerts and file renaming functionalities will work as it is.
In short, user will not see the name of the file.
Go to this address and edit it functions
ckeditor\plugins\filemanager\connectors\php\io.php
// Do a cleanup of the file name to avoid possible problems
function SanitizeFileName($sNewFileName).............