27 Jan

missing functionality?

I’m writing a shoppingcart plugin for my employers’ CMS. This cart is innovative in that it uses XMLHttpRequest to manage the basket, and to fetch item details – it’s pretty impressive, even if I do say so myself. Unfortunately, I don’t have a demo online yet, but hopefully soon…

Anyway – while writing it, I came across a little lack of functionality and couldn’t think of a way around it. I am hoping that making people aware of the problem may spark ideas on getting around it

Shopping items mostly have a title, a price, a description and an image associated with them. The first three are simple to do. The last, the image, is tricky, in XMLHttpRequest.

The reason is that JavaScript is generally given absolutely no access to local files. This means that you cannot create an Input file element, and then forward that file using JavaScript to the server.

The security reasoning behind it is obvious – it would be trivial for a black-hat to write a script which sucks up personal files of people that visit their website. Paranoia is important when you work in the web.

Unfortunately, I believe the Mozilla crowd have been a little over-paranoid. I think it should be possible to access a file when the user has manually clicked on the Browse button, selected the file they want, and clicked Open.

It’s tricky…

Anyway – if anyone reads this, that has ever found a workaround for uploading files via XMLHttpRequest, please chime up in the comments box.

Update: After contemplation, I think the simplest solution is to allow the browser to submit the form with POST, without interfering with JavaScript, and target it to an IFrame. The IFrame will then call the parent page, announcing completion and calling the next function in the algorithm. Ugly, but trusty.