将文件路径从Flash传递到JavaScript以进行上传？

Question

first of all my question: Is it possible to pass file names from a running Flash application, which only purpose is to enable multiple-file-selection, to a JavaScript application which handles upload of all files to the server?

I have examined various Flash upload solutions (like SWFUpload, Uploadify, etc.) and none of them meets my needs. I want an easy to implement solution (like Uploadify) which also lets me specify various parts of the HTTP request.

The reason I need this is because my upload form uses session cookies (for user authentication) and an CSRF token both passed to the server when uploading files.

Is it technically possible to pass filenames (+ paths) to a JavaScript application which then handles the upload?

Thank you, FMD

Answer 1

I'm sorry but no, its not possible to pass the filenames to JavaScript from Flash, however, you could pass the session ID to Flash.

If you are using PHP (I'm not saying you are, your server side language might have similar functions), you could reestablish the session:

session_id($_POST['ses']);
session_start();

The reason why you can't pass the filenames to JavaScript, (or set it by script in the first place) is that it would be a major security issue, consider the following:

var uploader = document.getElementById('id_of_input_type_file');
uploader.value = 'c:\Users\Administrator\Documents\commonBankKeyFile.ebjkeystore';
document.getElementById('formId').submit();

...And there you go, I just got your bank credentials just by you visiting my page, no Phishing needed.