Users must submit a fully qualified path when you use the "input type=file" element in a Web application in Windows XP Service Pack 2 (892442)



The information in this article applies to:

  • Microsoft Windows XP Service Pack 2, when used with:
    • Microsoft Windows XP Home Edition
    • Microsoft Windows XP Professional

SYMPTOMS

In Microsoft Windows XP Service Pack 2 (SP2), you may use an input type=file element in an application. If you let the user type a path in the text box part of the element and they do not provide a fully qualified path that includes the drive and root folder, one of the following conditions occurs:
  • If the user submits the form by using an input type=submit element, nothing occurs.
  • If the user tries to submit the form that contains the control by clicking a link, and that link invokes JavaScript code that calls the Submit method, the user receives an "Access is Denied" scripting error message. For example, postbacks for server-side Microsoft ASP.NET controls may use the Submit method.

WORKAROUND

To work around this behavior, follow these steps:
  1. If you can access the code that calls the Submit method, handle the script error, and then prompt the user to enter a fully qualified path.
  2. Prevent the user from editing the contents of the text box. This effectively forces the user to click Browse to choose the file path. For example, use the following code example to prevent the user from editing the text box contents in Microsoft Internet Explorer.
    <html>
    	<head>
    		<script language="javascript">
    		<!--
    // Cancel the BACKSPACE key (keyCode 8) on the file text box; allow all other keys.
    function test()
    {
    	if( event.keyCode == 8 )
    	{
    		return false;
    	}
    	return true;
    }
    		-->
    		</script>
    	</head>
    	<body>
    		<form name="Form1" action="SimpleResults.aspx" method="post" ID="Form1">
    			<input id="txtFileUpload" onkeydown="return test();" onbeforeeditfocus="return false;" type="file" name="txtFileUpload" />
    			<p />
    			<input type="submit" value="Submit" ID="Submit1" NAME="Submit1" />
    		</form>
    	</body>
    </html>
  3. Create your own ActiveX control to provide this functionality.
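
The following sketch illustrates step 1. It is an added example, not code from the Microsoft article. The function names and the notify callback are hypothetical, and "fully qualified" is taken to mean a drive letter followed by a root folder, as the article describes it.

```javascript
// Added example (not from the Microsoft article). All names are hypothetical.
// "Fully qualified" follows the article's wording: drive letter plus root
// folder, for example C:\. UNC paths are not addressed by the article and
// are treated as not fully qualified here (assumption).
function isFullyQualifiedPath(value) {
  var trimmed = String(value || "").replace(/^\s+|\s+$/g, "");
  return /^[A-Za-z]:\\/.test(trimmed);
}

// Checks the path first, then submits and handles the script error.
// Returns "submitted", "rejected" (failed the check) or "blocked" (submit threw).
function submitWithPathCheck(form, fileInput, notify) {
  var path = fileInput.value;
  // An empty file box submits normally; only a partial path is a problem.
  if (path !== "" && !isFullyQualifiedPath(path)) {
    notify("Type the full path, including the drive and folder, or click Browse.");
    return "rejected";
  }
  try {
    form.submit();
    return "submitted";
  } catch (e) {
    // Windows XP SP2 raises "Access is Denied" from the Submit method here.
    notify("The file path was not accepted. Click Browse to choose the file.");
    return "blocked";
  }
}

// Constructed stand-ins for the form and input objects, so the logic can be
// exercised outside a browser. The sample paths are constructed as well.
function demo() {
  var messages = [];
  var notify = function (m) { messages.push(m); };
  var okForm = { submit: function () {} };
  var deniedForm = { submit: function () { throw new Error("Access is denied."); } };
  return {
    relative: submitWithPathCheck(okForm, { value: "report.txt" }, notify),
    qualified: submitWithPathCheck(okForm, { value: "C:\\docs\\report.txt" }, notify),
    denied: submitWithPathCheck(deniedForm, { value: "C:\\docs\\report.txt" }, notify),
    prompts: messages.length
  };
}
```

In the page, call submitWithPathCheck from the link's script handler with the form, its txtFileUpload element, and a function that displays the message to the user.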

STATUS

This behavior is by design.

MORE INFORMATION

Steps to reproduce the behavior

  1. Paste the following code example in a file that is named Simple.html, and then save the file on your Web server.
    <html>
    <head>
        <script language="javascript">
    // Submits the form from script; this is the call that raises "Access is Denied".
    function go()
    {
    	var theform = document.Form1;
    	theform.submit();
    }
        </script>
    </head>
    <body>
        <form name="Form1" action="SimpleResults.aspx" method="post">
            <h2>This example demonstrates the change to the "input type=file" element in Windows XP SP2:
            </h2>
            <p>
                Note: You cannot put information in an "input type=file" element by using script code.  For more information, see the following article in the Microsoft Knowledge Base: <a href="http://support.microsoft.com/kb/266087">266087</a><br />
                <input id="txtFileUpload" style="WIDTH: 346px; HEIGHT: 20px" type="file" size="30" name="txtFileUpload" />
            </p>
            <p>
                1. Now, if you enter a path that is missing the drive letter and root folder in
                the text box part of the control, and&nbsp;then you click submit, the Submit method call will not
                be permitted.  Therefore, nothing will occur.<br />
                <input type="submit" value="Try to use a Submit button" />
            </p>
            <p>
                2. Also, if you enter a path that is missing the drive letter and root folder in the
                text box part of the control, and&nbsp;then you click a link that uses scripting to submit
                the form, you receive an "Access is Denied" scripting error message.<br />
                <a onclick="javascript:go()" href="#">This link causes the "Access is Denied" error message.</a>
            </p>
        </form>
    </body>
    </html>
  2. Paste the following code example in a file that is named SimpleResults.aspx.
    <%@ Page Language="C#" %>
    <script runat="server">
        void Page_Load()
        {
            txtResults.Text = Request.Form["txtFileUpload"];
        }
    </script>
    <html>
    <head>
    </head>
    <body>
        <form runat="server">
            <p>
                Here are the results of submitting the contents of the "input type=file" element. 
            </p>
            <p>
                <asp:TextBox id="txtResults" runat="server" Width="469px"></asp:TextBox>
            </p>
        </form>
    </body>
    </html>
  3. In a Web browser, open Simple.html.
  4. In the text box that is in the input type=file element, type some text that does not include C:\ or a similar path.
  5. Click Submit. Notice that nothing occurs.
  6. Click the link that is labeled This link causes the "Access is Denied" error message. You receive an "Access is Denied" script error message.

REFERENCES

For more information, visit the following Microsoft Developer Network (MSDN) Web site:

Modification Type: Major
Last Reviewed: 5/4/2005
Keywords: kbprb KB892442 kbAudDeveloper