Skip to content
Advertisement

FileReader upload safety

Say I have <input type="file"> without any forms, and obtain an image selected by this input via File’s Blob javascript API:

input.addEventListener('change',  function(){

var reader = new FileReader();
reader.readAsDataURL(this.files[0]); 
reader.onloadend = function() {
var base64data = reader.result;   
               
var i = new Image(); 
i.src = base64data;
i.onload = function(){

var source = imageToDataUri(i,i.width,i.height,0.5);

});

And that’s all. Say, there is no php script in my server at all. User just uploads picture via the code below, and, for example, see how the picture is displaying in the web page.

In this case, is the picture actually stored somewhere in my server, and, if yes, can somebody fill all space in the server by just selecting picture in input?


Probably, I do not understand the blob technology correctly. As far as I understand, if I remove the onchange code above, just lefting input markup, obviously by selecting file by user, nothing will be send to sever (or already will?). At which line of the code below, browser sends any kind of requests to my server, and what is that request?

Advertisement

Answer

Nothing will be uploaded to your server by the FileReader nor Image API. It’s all happening in the browser on the visitor’s computer. Only explicit HTTP requests via fetch or XMLHttpRequest will cause actual HTTP requests to be sent to your server.

User contributions licensed under: CC BY-SA
8 People found this is helpful
Advertisement