How To Get Rid of C:\FakePath in IE When Uploading A File to the Website [Fix]

I have been asked lately by a few my colleague why they got C:\fakepath after they upload a file or picture to a website in Internet Exlorer, namely Craiglist as one of them. After a bit of research, the mystery was unveiled.

According to the specifications of HTML5, a file upload control should not reveal the real local path to the file you have selected, if you manipulate its value string with JavaScript. Instead, the string that is returned by the script, which handles the file information is c:\fakepath.

This requirement is already implemented in Internet Explorer 8 – the real path to the file will be shown only if the page that contains the control is added to the trusted sites collection of the browser.

image

Note that this C:\fakepath doesn’t only happen on IE, but on IE 9 as well.

To get around it, you can either add the websites you are working with to the Trusted Sites list.

image

Or turn off the option called “Include local directory path when uploading files to a server”.

image

And obviously, adding the sites to the trusted sites list is highly recommended. Changing the custom level breaches the security level in IE, which may cause other issues down the road.

The interesting part is that this issue isn’t new and why all of sudden it happens now. Since it’s something to do with HTML 5 and JavaScript, I guess it’s just there are more and more sites starting to take advantage of these cool things.

  • Anthony G.

    In this article please correct “customer level” to “Custom Level”

    • http://www.windows7hacker.com Kent

      Thanks for pointing it out. I’ve corrected it.

      Cheers.

  • mark

    I have tried this work around without succes at least with g-mail

  • hamdy

    thanks alot it is working now

  • Manish Kulkarni

    Yes it works
    Thank you