I’m writing a shoppingcart plugin for my employers’ CMS. This cart is innovative in that it uses XMLHttpRequest to manage the basket, and to fetch item details – it’s pretty impressive, even if I do say so myself. Unfortunately, I don’t have a demo online yet, but hopefully soon…
Anyway – while writing it, I came across a little lack of functionality and couldn’t think of a way around it. I am hoping that making people aware of the problem may spark ideas on getting around it
Shopping items mostly have a title, a price, a description and an image associated with them. The first three are simple to do. The last, the image, is tricky, in XMLHttpRequest.
The security reasoning behind it is obvious – it would be trivial for a black-hat to write a script which sucks up personal files of people that visit their website. Paranoia is important when you work in the web.
Unfortunately, I believe the Mozilla crowd have been a little over-paranoid. I think it should be possible to access a file when the user has manually clicked on the Browse button, selected the file they want, and clicked Open.
Anyway – if anyone reads this, that has ever found a workaround for uploading files via XMLHttpRequest, please chime up in the comments box.