HTML file upload: is there any way to force content-type="application/octet-stream"

We configure the upload of files to the end of the server due to built-in restrictions.

HTML file upload code used in Firefox:

<html>
<body>
<form action="http://192.168.1.1/upload.cgi" name="form_1" method="post" enctype="multipart/form-data">
  <input type="file" id="file" name="filename" content-type="application/octet-stream">
  <input type="submit" name="mysubmit" value="Send">
</form>
</body>
</html>

If the selected file is called "fish.jpg", the server receives its content type as "image/jpeg". If the file is renamed to "fish" without a file extension, the server receives its content type as "application/octet-stream", which is what we want.

Is there a way to force "application/octet-stream" on an HTML page (with or without normal JavaScript)?

Thanks in advance, Bert

+7
javascript html
2 answers

No. There is no content-type="..." attribute. You cannot influence the browser's choice of the Content-Type header in the multipart/form-data subpart in general, with or without JavaScript.

Why does it matter? It is a bad idea for the server-side script to do anything with the Content-Type, as it is often inaccurate. image/jpeg should not be treated differently from application/octet-stream, not least because the browser can choose to upload a JPEG as application/octet-stream or something else (in particular, IE usually likes to send image/pjpeg).

If you are in control of the server and getting the right type for a file upload is critical, there must be a user interface for selecting it manually. (You can use JavaScript file extension sniffing and/or the Content-Type to set the default value, but do not rely on it.)

+6

Is there a way to force "application/octet-stream" in the HTML file of the page (with regular JavaScript)?

You should not specify the content type in HTML. Bad guys can easily get around this. The method is to validate on the server side.

+1
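
One way to do the server-side validation both answers point to, as an added example that is not part of the original thread: it parses a single multipart/form-data part, records the declared Content-Type, and decides the real type from the file's leading bytes instead. The function names, the XBOUND boundary, the magic-byte table and the sample bodies are assumptions constructed for illustration.

```javascript
// Added example: decide an upload's type on the server from its bytes,
// not from the part's client-chosen Content-Type. All names are hypothetical.
const MAGIC = [
  { type: 'image/jpeg', bytes: [0xff, 0xd8, 0xff] },
  { type: 'image/png', bytes: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a] },
  { type: 'image/gif', bytes: [0x47, 0x49, 0x46, 0x38] },
];

// Identify content from its leading bytes; unknown data is octet-stream.
function sniffType(data) {
  const hit = MAGIC.find(m => m.bytes.every((b, i) => data[i] === b));
  return hit ? hit.type : 'application/octet-stream';
}

// Split the first part of a multipart body into declared type and raw data.
function parsePart(body, boundary) {
  const start = body.indexOf('--' + boundary + '\r\n');
  const headEnd = body.indexOf('\r\n\r\n', start);
  const end = body.indexOf('\r\n--' + boundary, headEnd + 2);
  if (start < 0 || headEnd < 0 || end < 0) throw new Error('malformed multipart body');
  const head = body.subarray(start, headEnd).toString('latin1');
  const m = /^content-type:\s*([^;\r\n]+)/im.exec(head);
  return {
    declared: m ? m[1].trim().toLowerCase() : 'application/octet-stream',
    data: body.subarray(headEnd + 4, end),
  };
}

// The accept decision uses only the sniffed type; the declared one is logged.
function checkUpload(body, boundary, allowed) {
  const { declared, data } = parsePart(body, boundary);
  const actual = sniffType(data);
  return { declared, actual, accepted: allowed.includes(actual) };
}

// Constructed sample request bodies (not captured traffic).
function sampleBody(filename, declaredType, data) {
  const head = '--XBOUND\r\nContent-Disposition: form-data; name="filename"; '
    + `filename="${filename}"\r\nContent-Type: ${declaredType}\r\n\r\n`;
  return Buffer.concat([Buffer.from(head), data, Buffer.from('\r\n--XBOUND--\r\n')]);
}
const JPEG = Buffer.from([0xff, 0xd8, 0xff, 0xe0, 0x00, 0x10, 0x4a, 0x46, 0x49, 0x46]);
const TEXT = Buffer.from('plain text, not an image');
```

The same JPEG bytes are accepted whether the browser labels them image/jpeg, image/pjpeg or application/octet-stream, and a non-image labelled image/jpeg is rejected.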
