From 669a9abe25f199feee8398f45e43cd8ec334f11b Mon Sep 17 00:00:00 2001
From: razinshafayet <sumonislamk29@gmail.com>
Date: Sat, 23 May 2026 12:24:52 +0600
Subject: [PATCH 1/2] fix: omit empty file inputs from remote form data

---
 .changeset/quiet-plums-hide.md              |  5 +++++
 packages/kit/src/runtime/form-utils.js      |  1 +
 packages/kit/src/runtime/form-utils.spec.js | 25 +++++++++++++++++++++
 3 files changed, 31 insertions(+)
 create mode 100644 .changeset/quiet-plums-hide.md

diff --git a/.changeset/quiet-plums-hide.md b/.changeset/quiet-plums-hide.md
new file mode 100644
index 000000000000..470b22833b21
--- /dev/null
+++ b/.changeset/quiet-plums-hide.md
@@ -0,0 +1,5 @@
+---
+'@sveltejs/kit': patch
+---
+
+fix: omit empty `file` inputs from remote form data
diff --git a/packages/kit/src/runtime/form-utils.js b/packages/kit/src/runtime/form-utils.js
index dfac3a9704aa..862609c94555 100644
--- a/packages/kit/src/runtime/form-utils.js
+++ b/packages/kit/src/runtime/form-utils.js
@@ -50,6 +50,7 @@ export function convert_formdata(data) {
 		values = values.filter(
 			(entry) => typeof entry === 'string' || entry.name !== '' || entry.size > 0
 		);
+		if (values.length === 0 && !is_array) continue;
 
 		if (key.startsWith('n:')) {
 			key = key.slice(2);
diff --git a/packages/kit/src/runtime/form-utils.spec.js b/packages/kit/src/runtime/form-utils.spec.js
index 9ea39ed0f69c..f314ea66054f 100644
--- a/packages/kit/src/runtime/form-utils.spec.js
+++ b/packages/kit/src/runtime/form-utils.spec.js
@@ -50,6 +50,14 @@ describe('split_path', () => {
 });
 
 describe('convert_formdata', () => {
+	beforeAll(() => {
+		// TODO: remove after dropping support for Node 18
+		if (!('File' in globalThis)) {
+			// @ts-ignore
+			globalThis.File = buffer.File;
+		}
+	});
+
 	test('converts a FormData object', () => {
 		const data = new FormData();
 
@@ -91,6 +99,23 @@ describe('convert_formdata', () => {
 		});
 	});
 
+	test('omits empty file inputs', () => {
+		const data = new FormData();
+
+		data.append('file', new File([], ''));
+
+		expect(convert_formdata(data)).toEqual({});
+	});
+
+	test('keeps real zero-byte files', () => {
+		const data = new FormData();
+		const file = new File([], 'empty.txt');
+
+		data.append('file', file);
+
+		expect(convert_formdata(data)).toEqual({ file });
+	});
+
 	test.each(POLLUTION_ATTACKS)('prevents prototype pollution: %s', (attack) => {
 		const data = new FormData();
 		data.append(attack, 'bad');

From ca2276b3e1e99f473e039ac8d45d6f74151279e2 Mon Sep 17 00:00:00 2001
From: razinshafayet <sumonislamk29@gmail.com>
Date: Sat, 23 May 2026 21:28:14 +0600
Subject: [PATCH 2/2] chore: rerun ci