HTML is uploaded in the form of the form (POST, GET)

File to process:

The change you need to do in the HTML DTD is an option for the InputType entity. In addition, we recommend it

A series of comma-separated file types as an an Accept property of the INPUT tag.

... (other elements) ...

Radio | Submit | RESET |

Image | hidden | file)>

TYPE% InputType Text

Name CData #implied - Required for All But Submit and Reset

Value cdata #implied

SRC% URI # IMPLIED - for Image Inputs -

Checked (Checked) # Implied

Size cdata #implied --Like Numbers,

But Delimited with Comma, Not Space

Maxlength Number #implied

Align (Top | Middle | Bottom) #implie

Accept cdata #implied --List of content type

>

... (other elements) ...

3. Recommended application

Because the client has a variety of ways to select the most appropriate way to explain the HTML content, this section is for one of them:

WWW browser is recommended to implement file upload.

3.1 Display of File Components

When the browser encounters an INPUT tag of a FILE type, it will display a file name (or the previous selection)

File name), and a browse button or a similar way of choice. Select this Browse button to trigger the browser corresponding to the corresponding file selection method therefor. For example, based on Windows

A browser will pop up a file selection window. In this file selection window, users can replace existing options

Select, to select an operation such as adding a new file. The browser's designer can determine the list of file names selected by itself.

No can be modified by the user.

If the tag has an Accept property, the browser can also limit the type of file that meets the platform.

3.2 Action after submitting

When the user fills the form and selects the Submit element, the browser should use the content of the form and the selected file.

The content is back. For text that transmits large-capacity binary data or contain non-ASCII characters,

The Application / X-WWW-form-urlencoded coding type is far from satisfying the requirements. So, we put forward one

New Media Type: Multipart / Form-Data, is used as a form that will be filled in from the client back to the host.

Efficient way of ending.

3.3 Multipart / Form-Data

The specific definitions of Multipart / Form-Data are made in Section 7. The most extreme case is that no number is selected.

according to. (This choice is very likely in some cases.) As part of the data stream, each of the forms

All in the order they appear in the form is sequentially sent. Every part is marked in the HTML form

The name identifies. If the type of content is known, the corresponding media content is identified (for example,

You can identify the file extension or from the relevant type information of the operating system), otherwise,

Application / OcTet-stream.

If there are multiple files to be uploaded, they must be transmitted in Multipart / Mixed format.

Although the HTTP protocol can transmit an arbitrary form of binary data, mail transmission (for example, if the form is act

The default mode of the form of Mailto is 7-bit encoding. But if the content transmitted and the default encoding is not compatible

If the transmitted content will need to be encoded, and a "Content-Transfer-Encoding" identification head is added.

(Details in this regard can refer to Section 5 of RFC 1521).

The original file name of the upload file should also be transmitted, or as a filename parameter, or

The title header of 'Content-Disposition: Form-Data' If the transfer is multiple files, it can be in the sub-content

The header of 'Content-Disposition: File'. Client applications should try to provide file names. If the client

The file name on the system contains non-US-ASCII characters, and the file name can be used in a similar character or according to RFC1522.

The method described in it is encoded. This has its convenience in some cases, such as the uploaded files may contain mutual

Associated relationship, such as a TEX file, may have a suffix for .sty's additional type description file.

At the server side, Action may point to an HTTP address, with CGI to complete the handler of the form. in

In this case, the CGI program will notice that the content type is Multipart / Form-Data, and take action to handle different

Field (check legitimacy, write files in processing order, etc.)

3.4 Explanation of other properties

tag can have a value property to specify the default file name. This may affect the platform-independent, but it may be very useful. For example, in some operations of multiple submission processes, it can be avoided

The same file name is not stopped.

You can specify the Size property with "size = wide, high". Width defaults to the width of the file name, and the height is selected

The display area of ​​the file list. For example, for those who wish to upload multiple files in the browser, and display

Multi-line file input box (of course, there is a Browse button next to it), this is very useful. Be no

When specifying a height value, you will only display a single line of file input box (if the form designer only wants to upload a file)

Words), and if the height value is greater than 1, the multi-line input box with the scroll bar will be displayed (if the form designer wants

Upload multiple files).

4. Consideration of backward compatibility

Although a successful improvement plan is not necessarily considering this for existing WWW form mechanisms, but considering

A migration strategy is also helpful: for users who use the old version of the browser, by means of one

Additional procedures, they can also upload files. Existing existing browsers are touching

When it is treated according to and gives the user a text input box. Users can be in this box

Enter the file name inside. In addition, it seems that existing browsers ignore the EncType parameters in the form element, and press

Send form data as Application / X-WWW-Form-Urlencoded.

In this case, when the CGI process of the server is transmitted, if the data type is

Application / X-WWW-FORM-URLENCODED, instead of multipart / form-data, you can know that users are using

The browser does not implement file upload.

In this case, the server-side CGI does not return a "text / html" response, but returns a data stream

The additional program can be handled; this data stream may be identified as "Application / X-please-send-file" and contains

The following content:

• The form data actually needs to be transferred (standard) URL addresses (end of CRLF)

• You should include the field name list of file content (separated by space, ending with CRLF)

• Client transfer to the server-side Application / X-WWW-FORM-URLENCODED form data

At this time, the browser needs to be set to start an additional program to handle Application / X-please-send-files.

request.

Additional programs can handle form data, and note those containing "local file name", you need to use actual files

Alternative fields. It may need to prompt users to change or add file lists, and then re-will

Pack Multipart / Form-Data and transfer it to the server again.

Additional programs can handle forms like those new version of browser to actually handle data, and follow the original Action

The specified URL address sends data. The advantage of this is that the server side can use "the same" CGI to process

Old versions and new version of browser.

Additional programs do not need to display form data, but "need" to ensure that users can know that the transferred files are appropriate. (This

It is to avoid the possibility of sending users who have not required to transfer files that are not required to transmit.

All issue. ) If it is possible to display the status of the file currently being transmitted, it will be very helpful. 5. Other considerations

5.1 Compression, encryption

This program does not consider the possible file compression. After a certain consideration, we find that if you want your browser to come by himself.

Deciding that those files need to be compressed, and discussions optimized for file compression will become very complicated. Many connection layers

Transmission protocols (such as high-speed modems) compress data on the connection layer, if compression is performed on this layer

Optimization may not be very appropriate. If you do so, let the browser choose whether to perform file content.

Content-Transfer-Encoding X-COMPRESS compression, and data decompression before server-side processing data

Shrink. But this will not be discussed in this scheme.

Also, this scheme also does not include a mechanism for encrypting data. This should be performed by other data confidential transport protocols

Rational, or confidentially HTTP (HTTPS), or email.

5.2 File Transmission Delay

In some cases, the server first on the form data first before accepting the data (for example, user name,

Account, etc.) verify that it is recommended. However, after a certain consideration, we think if the server wants to do this.

It is best to adopt a series of forms and pass the data elements that have been verified as the "hidden" field.

None, or by schedule the form that you need to verify the elements you need to verify first. In this case, those need to be complex

The server can maintain the status of transaction processing, and those simple applications can be implemented.

The HTTP protocol may need to know the total length of content in the entire transaction. Even if there is no clear request, HTTP client

You should also provide the total length of all the contents of all files, such a busy server can determine the content of the file.

No, too much, will not be processed completely, return an error code and turn off the connection, not to wait until acceptance

All data is judged. At present, some existing CGI applications need to know content for all POST transactions.

Total length.

If the INPUT tag contains a maxlength property, the client can view this property value as the server side.

The maximum number of bytes that can be accepted. In this case, the server can prompt customers before the start of the upload.

How many spaces on the server can be used for file upload. But it should be noticed that this is just a way

Show, the actual demand of the server may change before the form is created and uploaded.

In any case, if the received file is too large, any HTTP server may be transferred in file.

Interrupt transmission during the process.

5.3 Other solutions to transfer binary data

Some people have suggested using a new MIME type "aggregate", such as aggregate / mixed or

Content-Transfer-Encoding "Pack" to describe those binary data that are uncertain, not by decomposition into multiple

Part is expressed. Although we do not oppose this, this requires additional design and standardization work to let everyone pick up

Understand "aggregate". On the other hand, the mechanism of "decomposition is multi-part" work is very good, it can be very simple.

Single is implemented in the customer sender and server acceptance, and can be used to handle binary data in other integrated

Work as high efficiency.

5.4 Do not modify

Some people have mentioned, why do you want to modify the Input to implement file upload function, not a form element

A completely different type? In this consideration, when we use , the most important consideration is a compatible strategy.

In fact, tag "I have already" has been modified to include various input data, compared to create different

The type of tag, which is a more reasonable way to enhance . "Type" input

It is not the type of content it returns, and it is more like "multiple types", that is, it expresses and interacts with the user.

formula. Its definition is carefully considered to be used in a text browser, can also be used in sound tags.

5.5 default types for field content

Many fields in HTML require users to enter. In the past, how should people pass on these form data back to the server

Some opinions. However, it is clear that the content of these INPUT fields is clearly aid to eliminate this

Discrimination. The client should pass these data back to the server to separate them with CRLF, and appropriate

code.

5.6 Allow Action to point to "Mailto:"

Although it is not related to this program, if the action of the client's form is allowed to point to a "mailto:" address will be definitely

Often useful. This is a good idea regardless of the idea of ​​this program itself. Similarly, those forms used to receive mail

Action should also be defailed to point to "reply-to:". These two ideas help to make HTML forms with HTTP services

Work, but send content via email. Or can you do this: Allow an HTML form to be email

Send, when the message recipient indicated in the HTML fills in the form, then send the result as a mail.

5.7 Remote files transmitted by third parties

In some cases, users who operate client software may want to transmit through the specified URL address.

On, not a local data file. In this case, the browser can send a client to a remote data.

Connect, not all of the actual content? This requirement is actually available, for example, as long as the customer is

In the data sent to the server, use "Message / External-Body" to indicate the type of data,

"Access-Type" is set to the connection address and the URL address containing remote data in the content is sent.

5.8 Transfer files with EncType = X-WWW-FORM-URLENCoded

If a form contains element, the form itself does not contain the encType property, too

Just don't describe the corresponding behavior. This will cause unappropriate data for the server to perform unappropriate data.

URN encoding, and this will be the server side does not want to see

5.9 Put CRLF as a line break

Like all MIME transfers, when the content of the form is transmitted with the POST, the CRLF is used as a row.

Sure.

5.10 and Multipart / Related relationship

The mimeSGML team is considering developing a new type called Multipart / Related. It contains and

Multipart / form-data is similar. The use and application of Form-Data is completely different, so it is separately

Description.

In some cases, it is possible to encode the contents of the HTML form (including files) as Multipart / Related.

But this is very different from the situation discussed in this program.

5.11 Field name containing non-ASCII code

It should be noted that the title of MIME is usually constructed from the 7-bit US-ASCII character set. So if the word name

If the compass does not belong to the character set, it must be encoded in accordance with the method mentioned in RFC 1522. In HTML 2.0

Inside, the default character set is ISO-8859-1, and the field name consisting of non-ASCII code characters must be encoded. 6. Example

Suppose the server segment is provided with the following HTML:

ENCTYPE = "Multipart / Form-Data"

Method = POST>

What is your name?

What Files Are you sending?

Users fill in "Joe Blow" in the Name field, to the problem 'What files are you sending?', Users choose

A text file "file1.txt".

The customer segment may send back the following data:

Content-Type: Multipart / Form-Data, Boundary = AAB03X

--Aab03x

Content-disposition: form-data; name = "field1"

Joe Blow

--Aab03x

Content-disposition: form-data; Name = "pics"; filename = "file1.txt"

Content-Type: Text / Plain

... File1.txt content ...

--Aab03x -

If the user also selected another picture file "file2.gif", the data that the client may send will be:

Content-Type: Multipart / Form-Data, Boundary = AAB03X

--Aab03x

Content-disposition: form-data; name = "field1"

Joe Blow

--Aab03x

Content-disposition: form-data; name = "PICS"

Content-type: Multipart / Mixed, Boundary = BBC04Y

--Bbc04y

Content-disposition: attachment; filename = "file1.txt"

Content-Type: Text / Plain

... File1.txt content ...

--Bbc04y

Content-disposition: attachment; filename = "file2.gif"

Content-Type: Image / GIF

Content-Transfer-Encoding: binary

... File2.gif's content ...

--Bbc04y--

--Aab03x -

7. Registration of Multipart / Form-Data

Multipart / Form-Data complies with multiple data stream rules specified in RFC 1521. It is mainly used

To describe the data returned after filling the form. In a form (here is HTML, of course other applications can also

You can use a form), a series of fields are provided to the user to fill in, each with its own name. In one determination

In the form, each name is unique.

Multipart / form-data consists of multiple parts, each part has a Content-Disposition Title, which

The value is "form-data", and its properties indicate its field name in the form. For example, 'content-disposition: form-data; name = "xxxxx"', the XXXXX here is the field name corresponding to this field. If the field name contains non-

The ASCII code character should also be encoded in accordance with the method specified in RFC 1522.

For all multi-part MIME types, each part has an optional Content-Type, the default value is

TEXT / Plain. If the content of the file is filling up by the form, then the input file is defined as

Application / OCTET-Stream, or, if you know what type, it is defined as the corresponding media type. Such as

If a form returns multiple files, then they are Multipart / Mixed as a combined in Multipart / Form-Data.

Returns.

If the content transmitted does not meet the default encoding mode, this part will be encoded, plus

The header of "Content-Transfer-Encoding".

Uploaded files may also be specified file name, file names can be filed from the header "Content-Disposition" FileName

The parameter is specified. Although this is not required, we strongly recommend this to do this with the original file name.

This is essential or useful for many applications.

8. Safety consideration

This is very important if the user does not explicitly require a file, the user should not send the file. and so,

When you touch the marker of , the HTML interpreter should be able to make the user

Appreciate the name of the file. Do not use an implicit field to specify any files.

This program does not include discussions on data encryption; this should be a confidential data transfer protocol, or encrypt HTTP, or

The problem discussed by the encryption protocol provided by MOSS (there is a specific description in RFC 1848).

Once the file is uploaded, it will depends on the file acceptor to process the file or store it in place.

9. Conclusion

The application we recommend allows the client to have a lot of flexibility to determine the type and quantity of the file it sent to the server.

The server has the right to decide whether to accept the uploaded file, but also make the server opportunities and those who do not support type File.

INPUT browser interacts.

Although the change to HTML DTD is very simple, it has a big role. Ability to make this lack of file upload mechanism

The web has achieved many services. This will add many amazing value to the actual performance of the World Wide Web.

Author address:

Larry Masinter

Xerox Palo Alto Research Center

3333 COYOTE HILL ROAD

Palo alto, CA 94304

PHONE: (415) 812-4365

Fax: (415) 812-4333

Email: masinter@parc.xerox.com

Ernesto Nebel

XSoft, Xerox Corporation

10875 Rancho Bernardo Road, Suite 200

San Diego, CA 92127-2116

PHONE: (619) 676-7817

Fax: (619) 676-7865

Email: Nebel@xsoft.sd.xerox.com

A. Media types registered for Multipart / Form-Data

Media Type Name:

Multipart

Submatical name:

Form-data

Required parameters:

no

Optional parameters:

no

Code consideration:

There is no additional consideration than other types.

Released:

RFC 1867

Security consideration

Multipart / Form-Data has not introduced new security considerations for issues that may exist in content.

reference:

[RFC 1521] The first part of MIME (Multipurpose Internet Sports Extension Agreement):

Officer and specification mechanism for online mail content format

N. Borenstein & n.freed.

September 1993.

[RFC 1522] Second section of MIME (Multipurpose Internet Sports Extension Protocol):

Non-ASCII code text mail head expansion

K. Moore.

September 1993.

[RFC 1806] Intert News and Expressions

Information: Content-Disposition Title Header.

R. Troost & S. Dorner,

June 1995.

RFC 1867 Form-Based File Upload in HTML HTML is based on the form of the form

RFC Document Chinese Translation Program 1