Microsoft KB Archive/892442

= Users must submit a fully qualified path when you use the &quot;input type=file&quot; element in a Web application in Windows XP Service Pack 2 =

Article ID: 892442

Article Last Modified on 6/1/2007

-

APPLIES TO

 Microsoft Windows XP Service Pack 2, when used with:  Microsoft Windows XP Home Edition

 Microsoft Windows XP Professional 

-





SYMPTOMS
In Microsoft Windows XP Service Pack 2 (SP2), you may use an input type=file element in an application. If you let the user type a path in the text box part of the element and they do not provide a fully qualified path that includes the drive and root folder, one of the following conditions occurs:
 * If the user submits the form by using an input type=submit element, nothing occurs.
 * If the user tries to submit the form that contains the control by clicking a link, and that link invokes JavaScript code that calls the Submit method, the user receives an &quot;Access is Denied&quot; scripting error message. For example, postbacks for server-side Microsoft ASP.NET controls may use the Submit method.



WORKAROUND
To work around this behavior, follow these steps:  If you can access the code that calls the Submit method, handle the script error, and then prompt the user to enter a fully qualified path.</li>  Prevent the user from editing the contents of the text box. This effectively forces the user to click Browse to choose the file path. For example, use the following code example to prevent the user from editing the text box contents in Microsoft Internet Explorer. <script language=&quot;javascript&quot;> <form name=&quot;Form1&quot; action=&quot;SimpleResults.aspx&quot; method=&quot;post&quot; ID=&quot;Form1&quot;> <input id=&quot;txtFileUpload&quot; onkeydown=&quot;return test;&quot; onbeforeeditfocus=&quot;return false;&quot; type=&quot;file&quot; name=&quot;txtFileUpload&quot; /> <p /> <input type=&quot;submit&quot; value=&quot;Submit&quot; ID=&quot;Submit1&quot; NAME=&quot;Submit1&quot; /> </li> Create your own ActiveX control to provide this functionality.</li></ol>

<div class="status_section">

STATUS
This behavior is by design.

<div class="moreinformation_section">

Steps to reproduce the behavior
<ol>  Paste the following code example in a file that is named Simple.html, and then save the file on your Web server. <script language=&quot;javascript&quot;> function go {   theform = document.Form1; theform.submit; }   <form name=&quot;Form1&quot; action=&quot;SimpleResults.aspx&quot; method=&quot;post&quot;> This example demonstrates the change to the &quot;input type=file&quot; element in Windows XP SP2: Note: You cannot put information in an &quot;input type=file&quot; element by using script code. For more information, see the following article in the Microsoft Knowledge Base: <a href=&quot;http://support.microsoft.com/kb/266087&quot;>266087</a>

<input id=&quot;txtFileUpload&quot; style=&quot;WIDTH: 346px; HEIGHT: 20px&quot; type=&quot;file&quot; size=&quot;30&quot; name=&quot;txtFileUpload&quot; /> 1. Now, if you enter a path that is missing the drive letter and root folder in           the text box part of the control, and then you click submit, the Submit method call will not be permitted. Therefore, nothing will occur.

<input type=&quot;submit&quot; value=&quot;Try to use a Submit button&quot; /> 2. Also, if you enter a path that is missing the drive letter and root folder in the text box part of the control, and then you click a link that uses scripting to submit the form, you receive an &quot;Access is Denied&quot; scripting error message.

<a onclick=&quot;javascript:go&quot; href=&quot;#&quot;>This link causes the &quot;Access is Denied&quot; error message.</a> </li>  Paste the following code example in a file that is named SimpleResults.aspx. <%@ Page Language=&quot;C#&quot; %> <script runat=&quot;server&quot;> void Page_Load {       txtResults.Text = Request.Form[&quot;txtFileUpload&quot;]; }   <form runat=&quot;server&quot;> Here are the results of submitting the contents of the &quot;input type=file&quot; element. <asp:TextBox id=&quot;txtResults&quot; runat=&quot;server&quot; Width=&quot;469px&quot;></asp:TextBox> </li> In a Web browser, open Simple.html.</li> In the text box that is in the input type=file element, type some text that does not include C:\ or a similar path.</li> Click Submit. Notice that nothing occurs.</li> Click This link causes the &quot;Access is Denied&quot; error message.. You receive an &quot;Access is Denied&quot; script error message.</li></ol>

<div class="references_section">