React-jsonschema-form: Multiple file widget validation can be bypassed
Prerequisites
- [x] I have read the documentation.
Description
If you select any files in the multi-file widget, and then cancel your selection, the form will still treat the input you give is valid because instead of undefined, it is now [], which is treated as valid input.
Steps to Reproduce
- Go to https://mozilla-services.github.io/react-jsonschema-form/, Files tab.
- Set "files" as "required" in formSchema
- In multi-file widget, select any files and confirm it, then click on it again but click cancel on file-select dialog.
Expected behavior
The value of the widget should be undefined and validation error occurred.
Actual behavior
The value of the widget is [] and no error is displayed.
Version
You can usually get this information in your package.json or in the file URL if you're using the unpkg one.
mugenmagic
All 7 comments
Even if it may sound confusing at first, an empty list actually satisfies the required requirement. If you want to check that the list contains at least one file, you should specify a minItems of 1:
{
"type": "object",
"required": ["files"],
"properties": {
"files": {
"type": "array",
"title": "Multiple files",
"items": {
"type": "string",
"format": "data-url"
},
"minItems": 1
}
}
}
n1k0
on 20 Oct 2016
I see, it might be nice if this is mentioned in the README too.
On 20 Oct 2016 14:53, "Nicolas Perriault" [email protected] wrote:
Closed #353
https://github.com/mozilla-services/react-jsonschema-form/issues/353.—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
https://github.com/mozilla-services/react-jsonschema-form/issues/353#event-830130205,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AVfcmRVW2myv8FG3ceYtiNvyVasKAh-cks5q1w_pgaJpZM4Kbt4h
.
mugenmagic
on 20 Oct 2016
it might be nice if this is mentioned in the README too.
I agree, would you mind contributing this small patch?
n1k0
on 20 Oct 2016
I agree, would you mind contributing this small patch?
(Make painful whining noises)
I don't think it is ok for me to document stuffs that is not resulted from my changes. So no. :|
mugenmagic
on 21 Oct 2016
I don't think it is ok for me to document stuffs that is not resulted from my changes. So no. :|
Your reaction is hard to understand. Nobody forces you to do anything, but in many years of practicing open source, I have never read such statement! Let me tell you: this is not the way it works!
leplatrem
on 21 Oct 2016
I don't think it is ok for me to document stuffs that is not resulted from my changes.
With that reasoning you should probably not use code that is not the result of your own work as well.
n1k0
on 21 Oct 2016
Your reaction is hard to understand. Nobody forces you to do anything, but in many years of practicing open source, I have never read such statement! Let me tell you: this is not the way it works!
With that reasoning you should probably not use code that is not the result of your own work as well.
Ok, fine. I take back what I just wrote, and I'm just going to say "no, I'm not going to contribute this small patch".
mugenmagic
on 21 Oct 2016
Related issues
videni
·
3Comments
abhishekpdubey
·
3Comments
ebower12
·
3Comments
ClockerZadq
·
3Comments
mfulton26
·
3Comments