HTML Standard Tracker


File a bug

SVNBugCommentTime (UTC)
705711482[Gecko] [Internet Explorer] [Opera] [Webkit] Introduce extensions in accept=''.2012-04-18 23:22
@@ -56407,20 +56407,24 @@ interface <dfn>HTMLFormElement</dfn> : <span>HTMLElement</span> {
    <dd>Indicates that video files are accepted.</dd>
    <dt>The string <code title="">image/*</code></dt>
    <dd>Indicates that image files are accepted.</dd>
    <dt>A <span>valid MIME type with no parameters</span></dt>
    <dd>Indicates that files of the specified type are accepted.</dd>
+   <dt>A string whose first character is a U+002E FULL STOP character (.)</dt>
+   <dd>Indicates that files with the specified file extension are accepted.</dd>
   <p>The tokens must not be <span>ASCII case-insensitive</span>
   matches for any of the other tokens (i.e. duplicates are not
   allowed). <span class="impl">To obtain the list of tokens from the
   attribute, the user agent must <span title="split a string on
   commas">split the attribute value on commas</span>.</span></p>
   <p>User agents may use the value of this attribute to display a more
   appropriate user interface than a generic file picker. For instance,
@@ -56430,20 +56434,60 @@ interface <dfn>HTMLFormElement</dfn> : <span>HTMLElement</span> {
   title="">audio/*</code>, a user agent could offer the user the
   option of recording a clip using a headset microphone.</p>
   <div class="impl">
   <p>User agents should prevent the user from selecting files that are
   not accepted by one (or more) of these tokens.</p>
+  <p class="note">Authors are encouraged to specify both any MIME
+  types and any corresponding extensions when looking for data in a
+  specific format.</p>
+  <div class="example">
+   <p>For example, consider an application that converts Microsoft
+   Word documents to Open Document Format files. Since Microsoft Word
+   documents are described with a wide variety of MIME types and
+   extensions, the site can list several, as follows:</p>
+   <pre>&lt;input type="file" accept=".doc .docx .xml application/msword application/vnd.openxmlformats-officedocument.wordprocessingml.document"></pre>
+   <p>On platforms that only use file extensions to describe file
+   types, the extensions listed here can be used to filter the allowed
+   documents, while the MIME types can be used with the system's type
+   registration table (mapping MIME types to extensions used by the
+   system), if any, to determine any other extensions to allow.
+   Similarly, on a system that does not have file names or extensions
+   but labels documents with MIME types internally, the MIME types can
+   be used to pick the allowed files, while the extensions can be used
+   if the system has an extension registration table that maps known
+   extensions to MIME types used by the system.</p>
+  </div>
+  <p class="warning">Extensions tend to be ambiguous (e.g. there are
+  an untold number of formats that use the "<code
+  title="">.dat</code>" extension, and users can typically quite
+  easily rename their files to have a "<code title="">.doc</code>"
+  extension even if they are not Microsoft Word documents), and MIME
+  types tend to be unreliable (e.g. many formats have no formally
+  registered types, and many formats are in practice labeled using a
+  number of different MIME types). Authors are reminded that, as
+  usual, data received from a client should be treated with caution,
+  as it may not be in an expected format even if the user is not
+  hostile and the user agent fully obeyed the <code
+  title="attr-input-accept">accept</code> attribute's
+  requirements.</p>
   <div class="example" id="fakepath-srsly">
    <p>For historical reasons, the <code
    title="dom-input-value">value</code> IDL attribute prefixes the
    filename with the string "<code title="">C:\fakepath\</code>". Some
    legacy user agents actually included the full path (which was a
    security vulnerability). As a result of this, obtaining the
    filename from the <code title="dom-input-value">value</code> IDL
    attribute in a backwards-compatible way is non-trivial. The
    following function extracts the filename in a suitably compatible