davgothic / ajaxfileupload
A jQuery plugin that simulates asynchronous file uploads.
License: MIT License
When I update Chrome to version '83.0.4103.61', it does not work.
Please check it, thanks.
The source is missing a 'return true' statement after line 72.
When I use ajaxFileUpload in IE11, it enters the success callback function, but the data (the params) is "false". I asked my friend for help, and when he used it in IE11 (on his computer), it worked normally. What's wrong?
I ran the demo, but got an error:
Blocked a frame with origin "null" from accessing a cross-origin frame. at HTMLIFrameElement.onComplet
Does not fire success in just Safari on Mac, using Safari 6.1. Works on every other browser. This is my code:
    $.ajaxFileUpload({
        type: "POST",
        url: baseurl + "upload/img_upload",
        fileElementId: "attachFile",
        dataType: "json",
        data: $("#account_upload").serialize(),
        success: function (json) {
        },
        error: function (data, errorThrown) {
        }
    });
It's not working in Microsoft Edge. Also, it sometimes creates issues in Chrome and Safari. Please help with how I can make its AJAX request compatible with all browsers. Thanks
In Google Chrome 61.0.3163.100, the server uses Tomcat.
Here I upload a file and the server returns a JSON string like this:
{"error":"","hasError":false,"results":0,"rows":[]}
and in your code
response = doc.body.innerHTML;
response will be like this:
<pre style="word-wrap: break-word; white-space: pre-wrap;">{"error":"","hasError":false,"results":0,"rows":[]}</pre>
and next $.parseJSON can't parse it and gets the error:
Unexpected token < in JSON at position 0
and I fixed it with:
try {
    response = $.parseJSON(response);
} catch (e) {
    // The JSON arrived wrapped in <pre>...</pre>: parse only the span from the
    // first '{' to the last '}' (lastIndexOf, so nested objects are not cut short).
    var preIndex = response.indexOf('{');
    var lastIndex = response.lastIndexOf('}') + 1;
    response = $.parseJSON(response.substring(preIndex, lastIndex));
}
How can I validate the file size before the ajax upload of the file?
Hi! Your plugin, while being good from a usability perspective, unfortunately lacks any input validation, making it vulnerable to cross-site request forgery, arbitrary file upload and, further on, remote code execution vulnerabilities.
Imagine your script being a part of some bigger application. Knowing the URL to your script (upload.php), the attacker can upload any file of any contents to the server remotely. It can be, for example, a PHP file that deletes all files from the webserver, or sends the sources of all PHP files to the attacker, or appends some malicious JavaScript to every .html found. Or a PHP shell - http://www.youtube.com/results?search_query=c99+shell&aq=f . The possibilities are limitless.
There should be a default configuration allowing only a permitted whitelist of file extensions to accept, defaulting e.g. to jpeg, gif, png only. No js, no php, no html, no .htaccess for example. See here: http://hungred.com/useful-information/secure-file-upload-check-list-php/ on how to implement this.
Additionally, you should use basename() on $_FILES['']['name'] because in PHP 5.3.6 and older, an attacker could overwrite files from the root of the filesystem - see here: http://blog.kotowicz.net/2011/06/file-path-injection-in-php-536-file.html
SyntaxError: JSON.parse: unexpected character at line 1 column 1 of the JSON data
I'm not sure this plug-in can be used in my project; my environment is jQuery 2.1.3.
I want the file upload percentage
SecurityError: Permission denied to access property "document" on cross-origin object
I think this plug-in has several potential security problems:
The file type and size are not verified, so malicious files or oversized files may be allowed to upload, resulting in server resource consumption or malicious file tampering.
Failure to verify and filter the file name may cause malicious code in the file name or cause the file on the server to be overwritten or deleted.
The uploaded file is not encrypted or compressed, so it may leak the file content or make the file content easy to crack.
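A server-side handler that applies the checks the two security reports above ask for (CSRF token, size cap, extension allowlist checked against the detected content type, basename(), server-generated file name), as an added example that is not the plugin's own upload.php or code from either poster. The field name `file`, the `csrf_token` session and POST key, the 2 MiB cap and the uploads directory are assumptions.

```php
<?php
// Added example: hardened upload handler. Field name, token key, size cap and
// upload path are assumptions. Requires the fileinfo extension for finfo.
session_start();

const MAX_BYTES  = 2 * 1024 * 1024;                 // assumed 2 MiB cap
const ALLOWED    = [                                // extension => expected MIME type
    'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
    'png' => 'image/png',  'gif'  => 'image/gif',
];
const UPLOAD_DIR = __DIR__ . '/../uploads';         // assumed to lie outside the web root

function reject(int $status, string $msg): void {
    http_response_code($status);
    header('Content-Type: application/json');
    exit(json_encode(['error' => $msg]));
}

// CSRF: the form must echo back the token the server stored in the session.
$token = $_POST['csrf_token'] ?? '';
if (!is_string($token) || !isset($_SESSION['csrf_token'])
    || !hash_equals($_SESSION['csrf_token'], $token)) {
    reject(403, 'bad CSRF token');
}

$f = $_FILES['file'] ?? null;
if (!is_array($f) || !is_int($f['error'] ?? null) || $f['error'] !== UPLOAD_ERR_OK
    || !is_uploaded_file($f['tmp_name'])) {
    reject(400, 'upload failed');
}
if ($f['size'] > MAX_BYTES) {
    reject(413, 'file too large');
}

// basename() drops any directory part placed in the client-supplied name.
$ext = strtolower(pathinfo(basename($f['name']), PATHINFO_EXTENSION));
// The extension must be allowlisted and the detected content must match it.
$mime = (new finfo(FILEINFO_MIME_TYPE))->file($f['tmp_name']);
if (!array_key_exists($ext, ALLOWED) || ALLOWED[$ext] !== $mime) {
    reject(415, 'file type not allowed');
}

// Store under a server-generated name; the client name never becomes a path.
$stored = bin2hex(random_bytes(16)) . '.' . $ext;
if (!move_uploaded_file($f['tmp_name'], UPLOAD_DIR . '/' . $stored)) {
    reject(500, 'could not store file');
}
header('Content-Type: application/json');
echo json_encode(['error' => '', 'file' => $stored]);
```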
In fact, the plugin depends on iframe rather than ajax, which perplexes me a lot.