Should HTML have a “max file size” attribute for input type=file?(discourse.specifiction.org)
discourse.specifiction.org
Should HTML have a “max file size” attribute for input type=file?
http://discourse.specifiction.org/t/maxium-file-size-for-upload/885
9 comments
No, I do not think this should be implemented. The proper way (in addition to server-side validation, of course) is to utilize JavaScript in order to verify the file's size. This solution also allows different maximum sizes for different file types as one example in the discussion shows. Using JavaScript also adds additional flexibility when trying to achieve custom error messages.
In general, I think the HTML specification is getting quite bloated these days, but this is not the place to discuss this.
I'm not sure this attribute makes sense. Yes you can specify a set of types to only allow but this is then used in the file system's native browser to simply filter files out and it clearly shows the user what it's looking for.
For file size there is no interface that shows you what your limit or acceptable range is. In this case how do you notify the user they're trying to upload more than they should? Do we then tie modals / messages to the file input to handle the cases where a user selects something too big?
At least right now you can handle all of this via JavaScript. I think that may make sense to continue versus adding additional attributes.
For file size there is no interface that shows you what your limit or acceptable range is. In this case how do you notify the user they're trying to upload more than they should? Do we then tie modals / messages to the file input to handle the cases where a user selects something too big?
At least right now you can handle all of this via JavaScript. I think that may make sense to continue versus adding additional attributes.
I guess this wouldn't replace proper server side validation anyway, but it would be a nice addition.
None of HTML's new form attributes replace server side validation (which is annoying since you end up repeating code and having slight differences), however it's a good start.
With CORS and CSRF tokens, it would cut down on accidental issues – which for most sites is a bigger deal than malicious activity.
With CORS and CSRF tokens, it would cut down on accidental issues – which for most sites is a bigger deal than malicious activity.
In that sense, it'd be a perfect analogue to the "maxlength" attribute on text inputs. (In fact, I wonder if it'd be sufficient to just make that attribute apply to file inputs as well...)
Yeah, exactly. It just prevents people from uploading ridiculously large files which have no hope of completing.
Well you can check file sizes in JavaScript before upload so you can do this already.
Yep, browsers could serve up a warning instantly.
This requires server-side validation anyway, so I fail to see the point of it.
You just know some less-than-stellar web developer is going to use it and not use any proper server-side validation.
You just know some less-than-stellar web developer is going to use it and not use any proper server-side validation.