2

I have a form with ajax file uploading. Javascript creates iframe with a form, moves input with the file into the form and submit the form.

This works without any problem, but popular NoScript plugin in Firefox thinks that it's XSS and turn my POST request into GET. So it doesn't work. Is there any possibility to circumvent this problem?

Code (uses jQuery)

function add_input_file(div) {
  var input = $("<input>").attr("type", "file").attr("name", "file");
  input.appendTo(div);
  input.change(function() {
    $(this).off();
    var iframe = $("<iframe>");
    iframe.appendTo($("body"));
    iframe.load(function() {
      $(this).off();
      var input = $(this).data("input");
      var form = $("<form>").attr("method", "post").attr("action", "/send").attr("enctype", "multipart/form-data").attr("accept-charset", "UTF-8");
      form.appendTo($(this).contents().find("body"));
      input.appendTo(form);
      add_input_file($("#att"));
      form.submit();
    });
  });
}
$(function() {
  add_input_file($("#att"));
})
Improve this question
7
  • Can you post the javascript code? Commented Dec 3, 2011 at 13:42
  • Rather than creating the IFrame and Form dynamically have them as part of the page's HTML <iframe id="ajaxpost" class="hidden" src="ajaxpost.htm" /> Commented Dec 9, 2011 at 12:55
  • The problem is there can be different numbers of uploading files. So I have to make iframes dynamically. Commented Dec 10, 2011 at 0:38
  • 1
    Did you try setting a source for the iframe? Currently it doesn't have one, so noscript might considers it cross-site because the src of the iframe isn't pointing to the same site. Commented Dec 14, 2011 at 12:19
  • @Ximik This code would not work at all with NoScript, what with this code being java- script and all... so there isn't a solution to your problem that still gives you a dynamic multi-uploader. You need scripts for that, and NoScript is blocking scripts. Commented Dec 14, 2011 at 15:46

2 Answers 2

Reset to default
2
+50

That's not a code fix but I use this jQuery form plugin to do ajax uploading. I've tested the sample with Firefox and NoScript installed, everything ran fine.

If you don't want to use a custom plugin, take a look to the source code to see how it's done.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

This plugin uses special futures of HTML5. And so it doesn't work in old browsers (for old browsers it uses iframe just like my code).
Did you try it? Maybe they do something just a little bit different to make it works with old browsers as well.
In fact my code is somehow based on this plugin. I've just removed all that uses javascript file access instead of iframe.
0

I suggest you display a simple file form at <noscript>, since script has been turnned off, you cannot solve the problem by use more scripts.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.