[Fixed]-Django – forms.FileField() initial value


By security standards, <input type="file"> can’t have a default value and it can’t be manipulated.

The reason is, that a hacker can set the default value of the file input to any important file on your system (containing passwords, certificates and so on), hide this field using CSS and you will never know that you have uploaded something to hackers host.


I’m not sure, if this is what you want, but…

Obviously you cannot set initial data for a file input (this would imply that you send a file to the user). Django has a ClearableFileInput widget though, and this widget pretends to show initial data: it displays a link to the uploaded file if the link is present.

This is implemented through checking if the initial object (the object passed to form constructor in files dictionary) has the url attribute. Once you set this attribute, the widget will display the “Currently link” line.

By the way, if you got the file object using a File Storage, then you can get the link to that file using storage’s url() method.

Leave a comment