-
Notifications
You must be signed in to change notification settings - Fork 252
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: do not allow to upload files with invalid formats #558
Conversation
Codecov Report
@@ Coverage Diff @@
## master #558 +/- ##
=========================================
Coverage 100.00% 100.00%
=========================================
Files 13 13
Lines 699 710 +11
Branches 221 223 +2
=========================================
+ Hits 699 710 +11
Continue to review full report at Codecov.
|
Still need to add a test case for the following MIME types: |
Handled at a7c715a I've decided to use regex to validate cases where multiple images, videos, and audio formats are supplied, like "flags" Given a accept attribute like the following:
|
Still need to improve the validation logic for MIME types - After thinking a little bit more, it would be better to use another dependency to validate the file type. It would return code and make it easier to maintain. |
First of all: Thanks for this pull request :) As the user is not able to select files that don't match the The changes in I don't think validating the types here is complex enough to command outsourcing it in another dependency.
|
I really agree with that but, there are some situations worth discussing. For instance, if a button is disabled, the user won't be able to click on it, so the browser is already preventing the action - but Another situation is, the user may have 4 files and just one of them is not allowed to be selected, so the action will be performed anyway, in that way, I think that it's better if Let's also say that an engineer removes the |
I think that |
Let's follow the (living standard) spec: https://html.spec.whatwg.org/multipage/input.html#file-upload-state-(type=file) |
Could throwing or |
@LauraBeatris I opened a PR with suggested changes here: LauraBeatris#1 |
Removing an accept attribute would not break the test. Adding one would, but would also be the expected behavior of the test if you exclude a file per accept that you tried to upload. |
Sorry, I worded that incorrectly - removing a type from the list of accepted types. Wdyt about throw/console.error? Might save some people from getting stuck trying to figure out why their uploads are silently ignored |
The test would break if it tests for the uploaded files to be applied in that input/change event.
This would also mean that the user could not use edit: Maybe put a bit too strict: Yes he could test it, but a change would meaning an |
fix: apply file accept tokens
I'll fix the coverage soon |
What: Don't allow to upload files with invalid formats.
Why: Files with formats that aren't accepted aren't uploaded in an input file, in fact, it's not even allowed to select them, so the tests should also follow the same behavior.
How: Verify if the element has an
accept
attribute, if it does, verify if the file/files match the MIME types specified.Checklist: