在html下实现文件上传是相当简单的,但我刚刚注意到有一个'accept'属性,可以添加到<input type="file"…>标签。
这个属性在限制文件上传为图像等方面有用吗?使用它的最佳方式是什么?
或者,是否有一种方法来限制html文件输入标记的文件类型,最好是在文件对话框中?
在html下实现文件上传是相当简单的,但我刚刚注意到有一个'accept'属性,可以添加到<input type="file"…>标签。
这个属性在限制文件上传为图像等方面有用吗?使用它的最佳方式是什么?
或者,是否有一种方法来限制html文件输入标记的文件类型,最好是在文件对话框中?
当前回答
If the browser uses this attribute, it is only as an help for the user, so he won't upload a multi-megabyte file just to see it rejected by the server... Same for the <input type="hidden" name="MAX_FILE_SIZE" value="100000"> tag: if the browser uses it, it won't send the file but an error resulting in UPLOAD_ERR_FORM_SIZE (2) error in PHP (not sure how it is handled in other languages). Note these are helps for the user. Of course, the server must always check the type and size of the file on its end: it is easy to tamper with these values on the client side.
其他回答
在2008年,由于缺少移动操作系统,这一点并不重要,但现在却非常重要。
当你设置可接受的mime类型时,例如,Android用户会得到系统对话框,应用程序可以为他提供文件输入接受的mime内容,这是很棒的,因为在移动设备上的文件资源管理器中浏览文件是缓慢的,经常有压力。
重要的一点是,一些移动浏览器(基于Android版本的Chrome 36和Chrome Beta 37)不支持应用程序对扩展和多种mime类型的过滤。
It's been a few years, and Chrome at least makes use of this attribute. This attribute is very useful from a usability standpoint as it will filter out the unnecessary files for the user, making their experience smoother. However, the user can still select "all files" from the type (or otherwise bypass the filter), thus you should always validate the file where it is actually used; If you're using it on the server, validate it there before using it. The user can always bypass any client-side scripting.
在2015年,我发现让它同时适用于Chrome和Firefox的唯一方法是把所有你想支持的扩展,包括变体(包括前面的点!):
accept=".jpeg, .jpg, .jpe, .jfif, .jif"
Firefox的问题:使用图像/jpeg mime类型的Firefox将只显示。jpg文件,非常奇怪,好像普通的。jpeg是不行的…
无论您做什么,一定要尝试使用具有许多不同扩展名的文件。 也许这甚至取决于操作系统…我认为accept是不区分大小写的,但可能不是在每个浏览器中。
下面是关于accept的MDN文档:
接受 如果type属性的值是file,则该属性将指示服务器接受的文件类型,否则为 会被忽略。必须为逗号分隔的唯一性列表 内容类型说明符: 以STOP字符(U+002E)开头的文件扩展名。(例如。jpg, .png, .doc)。 没有扩展的有效MIME类型。 Audio /*表示声音文件。HTML5 Video /*表示视频文件。HTML5 Image /*表示图像文件。HTML5
Accept属性是在RFC 1867中引入的,目的是为文件选择控件启用基于MIME类型的文件类型过滤。但是到2008年为止,大多数(如果不是全部的话)浏览器都没有使用这个属性。使用客户端脚本,您可以为提交正确类型(扩展)的数据创建一种基于扩展的验证。
其他高级文件上传解决方案需要Flash电影(如SWFUpload)或Java applet(如JUpload)。
是的,它在支持它的浏览器中非常有用,但“限制”是为了方便用户(这样他们就不会被无关的文件淹没),而不是为了阻止他们上传你不想让他们上传的东西。
它在
找到了 狩猎6 + 火狐9 + 书名: 歌剧11:
下面是你可以使用它的内容类型列表,后面跟着相应的文件扩展名(当然你可以使用任何文件扩展名):
application/envoy evy
application/fractals fif
application/futuresplash spl
application/hta hta
application/internet-property-stream acx
application/mac-binhex40 hqx
application/msword doc
application/msword dot
application/octet-stream *
application/octet-stream bin
application/octet-stream class
application/octet-stream dms
application/octet-stream exe
application/octet-stream lha
application/octet-stream lzh
application/oda oda
application/olescript axs
application/pdf pdf
application/pics-rules prf
application/pkcs10 p10
application/pkix-crl crl
application/postscript ai
application/postscript eps
application/postscript ps
application/rtf rtf
application/set-payment-initiation setpay
application/set-registration-initiation setreg
application/vnd.ms-excel xla
application/vnd.ms-excel xlc
application/vnd.ms-excel xlm
application/vnd.ms-excel xls
application/vnd.ms-excel xlt
application/vnd.ms-excel xlw
application/vnd.ms-outlook msg
application/vnd.ms-pkicertstore sst
application/vnd.ms-pkiseccat cat
application/vnd.ms-pkistl stl
application/vnd.ms-powerpoint pot
application/vnd.ms-powerpoint pps
application/vnd.ms-powerpoint ppt
application/vnd.ms-project mpp
application/vnd.ms-works wcm
application/vnd.ms-works wdb
application/vnd.ms-works wks
application/vnd.ms-works wps
application/winhlp hlp
application/x-bcpio bcpio
application/x-cdf cdf
application/x-compress z
application/x-compressed tgz
application/x-cpio cpio
application/x-csh csh
application/x-director dcr
application/x-director dir
application/x-director dxr
application/x-dvi dvi
application/x-gtar gtar
application/x-gzip gz
application/x-hdf hdf
application/x-internet-signup ins
application/x-internet-signup isp
application/x-iphone iii
application/x-javascript js
application/x-latex latex
application/x-msaccess mdb
application/x-mscardfile crd
application/x-msclip clp
application/x-msdownload dll
application/x-msmediaview m13
application/x-msmediaview m14
application/x-msmediaview mvb
application/x-msmetafile wmf
application/x-msmoney mny
application/x-mspublisher pub
application/x-msschedule scd
application/x-msterminal trm
application/x-mswrite wri
application/x-netcdf cdf
application/x-netcdf nc
application/x-perfmon pma
application/x-perfmon pmc
application/x-perfmon pml
application/x-perfmon pmr
application/x-perfmon pmw
application/x-pkcs12 p12
application/x-pkcs12 pfx
application/x-pkcs7-certificates p7b
application/x-pkcs7-certificates spc
application/x-pkcs7-certreqresp p7r
application/x-pkcs7-mime p7c
application/x-pkcs7-mime p7m
application/x-pkcs7-signature p7s
application/x-sh sh
application/x-shar shar
application/x-shockwave-flash swf
application/x-stuffit sit
application/x-sv4cpio sv4cpio
application/x-sv4crc sv4crc
application/x-tar tar
application/x-tcl tcl
application/x-tex tex
application/x-texinfo texi
application/x-texinfo texinfo
application/x-troff roff
application/x-troff t
application/x-troff tr
application/x-troff-man man
application/x-troff-me me
application/x-troff-ms ms
application/x-ustar ustar
application/x-wais-source src
application/x-x509-ca-cert cer
application/x-x509-ca-cert crt
application/x-x509-ca-cert der
application/ynd.ms-pkipko pko
application/zip zip
audio/basic au
audio/basic snd
audio/mid mid
audio/mid rmi
audio/mpeg mp3
audio/x-aiff aif
audio/x-aiff aifc
audio/x-aiff aiff
audio/x-mpegurl m3u
audio/x-pn-realaudio ra
audio/x-pn-realaudio ram
audio/x-wav wav
image/bmp bmp
image/cis-cod cod
image/gif gif
image/ief ief
image/jpeg jpe
image/jpeg jpeg
image/jpeg jpg
image/pipeg jfif
image/svg+xml svg
image/tiff tif
image/tiff tiff
image/x-cmu-raster ras
image/x-cmx cmx
image/x-icon ico
image/x-portable-anymap pnm
image/x-portable-bitmap pbm
image/x-portable-graymap pgm
image/x-portable-pixmap ppm
image/x-rgb rgb
image/x-xbitmap xbm
image/x-xpixmap xpm
image/x-xwindowdump xwd
message/rfc822 mht
message/rfc822 mhtml
message/rfc822 nws
text/css css
text/h323 323
text/html htm
text/html html
text/html stm
text/iuls uls
text/plain bas
text/plain c
text/plain h
text/plain txt
text/richtext rtx
text/scriptlet sct
text/tab-separated-values tsv
text/webviewhtml htt
text/x-component htc
text/x-setext etx
text/x-vcard vcf
video/mpeg mp2
video/mpeg mpa
video/mpeg mpe
video/mpeg mpeg
video/mpeg mpg
video/mpeg mpv2
video/quicktime mov
video/quicktime qt
video/x-la-asf lsf
video/x-la-asf lsx
video/x-ms-asf asf
video/x-ms-asf asr
video/x-ms-asf asx
video/x-msvideo avi
video/x-sgi-movie movie
x-world/x-vrml flr
x-world/x-vrml vrml
x-world/x-vrml wrl
x-world/x-vrml wrz
x-world/x-vrml xaf
x-world/x-vrml xof