how to read word document before uploading it by webpage

Question

I have excel file abc.xls and I renamed it as abc.doc using command prompt. My requirement is: I want to upload a proper doc file, but there I can only check the MIME type of the file to upload file, this is not sufficient. I want to confirm before uploading the doc file, that it is a doc and not allow users to upload abc.doc file, because it is not a doc file its a excel file.

possible duplicate of http://stackoverflow.com/q/71944/745359 — wintersolutions, Mar 02 '12 at 08:24
Why you need client-side validation? If you don't trust the input you have to check it on the server again. What about the solution outlined in the question I linked? — wintersolutions, Mar 02 '12 at 16:59
what happened if I open the uploaded file which is actually excel not a doc file, it will give error like corrupted file when trying to open in ms word. So I am trying to avoid this future problem. — baviskarss, Mar 03 '12 at 05:35
You are wrong as to where validation should happen. This is a core webprogramming Principle: Always validate on the server side! See my answer. — wintersolutions, Mar 03 '12 at 11:27

wintersolutions · Answer 1 · 2012-03-03T11:41:04.687

Because the OP wrote it in the comments:

You are on a wrong track here, Validation should always happen on the server side, you can add additional validation on the client side, but its not required. You have to do this for a simple reason:

Clients can always circumvent client-side Validation methods because the Client is fully under their control. So even if you implement your validation method to check if its a doc or excel document, a bad user can always just send you a post request with the validation disabled and you're getting a excel document or a virus etc.

This is a core webprogramming principle: Never trust input data, you can't validate on the client only!

Secondly your validation is done much mor easily on the server. So you should upload any file (check for file extensions & size) and then validate on the server!

Elementenfresser · Answer 2 · 2012-03-03T08:00:41.110

0

You probably need an ActiveX Object to access the file content on the client system before uploading. Checking the byte array with javascript to find whether it's a real doc might prove interesting though :-) EDIT :

function CheckWordDoc(filepath){
    var fso, f, ts, s;
    var ForReading = 1, ForWriting = 2, ForAppending = 8;
    var TristateUseDefault = -2, TristateTrue = -1, TristateFalse = 0;
    fso = new ActiveXObject("Scripting.FileSystemObject");
    f = fso.getFile(filepath);
    ts = f.OpenAsTextStream(ForReading, TristateUseDefault);
    while (!ts.AtEndOfStream) {
        s = ts.ReadLine();
        if (s.indexOf("Word.Document.8") != -1) {
            ts.Close( );
            return true;
        }
    }          
    ts.Close( );
    return false;
}

http://www.piclist.com/techref/language/asp/vbs/vbscript/jsmthopenastextstream.htm http://msdn.microsoft.com/en-us/library/hwfw5c59%28v=vs.85%29.aspx

edited Mar 03 '12 at 08:00

answered Mar 02 '12 at 09:14

Elementenfresser

711
5
18

from the size we can't decide this is proper doc file – baviskarss Mar 02 '12 at 10:40
I know. That's why I said it will be interesting to check the byte array whether it's a real doc file...old doc file appear to have something like "Word.Document.8" at the end. docx file are compressed xml having occasional "word/" text defining the nodes...But ActiveX is blocked by default nowadays on most browsers, so I REALLY recommend uploading the file and check the bytes on the server before saving it to the disk. – Elementenfresser Mar 03 '12 at 08:04

how to read word document before uploading it by webpage

2 Answers2