for security reasons, the browser cannot allow you to set the value for <input type="file" ..>Imagine you could, and you know Mr. qq5552661(DHTML&ASP) is visiting your site and he has a secret file "c:\secret.txt". You can add a hidden form and upload the file sercretly as follows, do you think that is good?
<FORM NAME="oForm"
ACTION="repost.asp"
ENCTYPE="multipart/form-data"
METHOD="post">
<INPUT TYPE="file" NAME="oFile1"/>
</FORM>
<script language="javascript">
function window.onload()
{
document.oForm.oFile1.value = "c:\\secret.txt"; //does not work
document.oForm.submit();
}
</script>
<FORM NAME="oForm"
ACTION="repost.asp"
ENCTYPE="multipart/form-data"
METHOD="post">
<INPUT TYPE="file" NAME="oFile1"/>
</FORM>
<script language="javascript">
function window.onload()
{
document.oForm.oFile1.value = "c:\\secret.txt"; //does not work
document.oForm.submit();
}
</script>
Settings\Zones\0
Change the 1201 DWORD from 1 to 0HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0
Change the 1201 DWORD from 1 to 0
function test(){
if (document.layers) {
netscape.security.PrivilegeManager.enablePrivilege('UniversalFileRead');
}
document.aForm.aFile.value = 'c:\\test.txt';}
</SCRIPT>
<FORM NAME="aForm" METHOD="post" ENCTYPE="multipart/form-data" ACTION="你的事件处理代码">
<INPUT TYPE="file" NAME="aFile">
<INPUT TYPE="button" VALUE="测试文件" onclick="test()">
</FORM>