[Zope] Putting a default value in an <input type="file"...>

[Tino Wildenhain]

Hi Gilles,


Gilles Lenfant wrote:
...
> This is easy for usual widgets (textfields, radio, checkboxes...) but I'm
> stuck with <input type="file" value=...> controls, for which I can't give
> back the previous value (file path in the client file system).
> 
> Any hint ?
> 
> I know this is not strictly a Zope problem but I guess some of you already
> faced that problem.
> 
> Thanks in advance.
Yes, this is a HTML/security problem. If the browser does it well,
it does not allow modification of file fields from server.
Neither via value nor via Javascript.
You can imagine what would happen if some attacker would provide
a path to a system file, your back account file or whatever
and hides the form element somewhere in the page?

You guess it.

Regards
Tino Wildenhain