Security News
The Dark Side of Open Source
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
browser-filesaver
Advanced tools
Readme
FileSaver.js implements the HTML5 W3C saveAs()
FileSaver interface in browsers that do
not natively support it. There is a FileSaver.js demo that demonstrates saving
various media types.
FileSaver.js is the solution to saving files on the client-side, and is perfect for webapps that need to generate files, or for saving sensitive information that shouldn't be sent to an external server.
Looking for canvas.toBlob()
for saving canvases? Check out
canvas-toBlob.js for a cross-browser implementation.
Browser | Constructs as | Filenames | Max Blob Size | Dependencies |
---|---|---|---|---|
Firefox 20+ | Blob | Yes | 800 MiB | None |
Firefox < 20 | data: URI | No | n/a | Blob.js |
Chrome | Blob | Yes | 500 MiB | None |
Chrome for Android | Blob | Yes | 500 MiB | None |
Edge | Blob | Yes | ? | None |
IE 10+ | Blob | Yes | 600 MiB | None |
Opera 15+ | Blob | Yes | 500 MiB | None |
Opera < 15 | data: URI | No | n/a | Blob.js |
Safari 6.1+* | Blob | No | ? | None |
Safari < 6 | data: URI | No | n/a | Blob.js |
Feature detection is possible:
try {
var isFileSaverSupported = !!new Blob;
} catch (e) {}
It is possible to save text files in IE < 10 without Flash-based polyfills.
See ChenWenBrian and koffsyrup's saveTextAs()
for more details.
Blobs may be opened instead of saved sometimes—you may have to direct your Safari users to manually
press ⌘+S to save the file after it is opened. Using the application/octet-stream
MIME type to force downloads can cause issues in Safari.
saveAs must be run within a user interaction event such as onTouchDown or onClick; setTimeout will prevent saveAs from triggering. Due to restrictions in iOS saveAs opens in a new window instead of downloading, if you want this fixed please tell Apple how this bug is affecting you.
FileSaver saveAs(Blob data, DOMString filename, optional Boolean disableAutoBOM)
Pass true
for disableAutoBOM
if you don't want FileSaver.js to automatically provide Unicode text encoding hints (see: byte order mark).
var blob = new Blob(["Hello, world!"], {type: "text/plain;charset=utf-8"});
saveAs(blob, "hello world.txt");
The standard W3C File API Blob
interface is not available in all browsers.
Blob.js is a cross-browser Blob
implementation that solves this.
var canvas = document.getElementById("my-canvas"), ctx = canvas.getContext("2d");
// draw to canvas...
canvas.toBlob(function(blob) {
saveAs(blob, "pretty image.png");
});
Note: The standard HTML5 canvas.toBlob()
method is not available in all browsers.
canvas-toBlob.js is a cross-browser canvas.toBlob()
that polyfills this.
The FileSaver.js
distribution file is compiled with Uglify.js like so:
uglifyjs FileSaver.js --mangle --comments /@source/ > FileSaver.min.js
Please make sure you build a production version before submitting a pull request.
Please see the this repo for a bower-compatible fork of FileSaver.js, available under the package name file-saver.js
.
FAQs
Cross-browser implementation of W3C saveAs API
The npm package browser-filesaver receives a total of 9,465 weekly downloads. As such, browser-filesaver popularity was classified as popular.
We found that browser-filesaver demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
Research
Security News
The Socket Research team found this npm package includes code for collecting sensitive developer information, including your operating system username, Git username, and Git email.
Security News
OpenJS is warning of social engineering takeovers targeting open source projects after receiving a credible attempt on the foundation.