Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I know that from security standpoint this is not safe. But I intend to use the javascript code for convenience. So just as a first pass.
My goal is to avoid any false-positives i.e. it is fine if a malicious hacker manipulated the file to have the mime-types that I accept (because I will be doing a second pass on server side) but I I would want to prevent legal files being detected as problematic.
UPDATE
Prototype of a working solution http://jsfiddle.net/tankchintan/5EUjE/1/
It is OK so long as you are confirming the type on the server side.
Using it on the client will just be a convenience to the end user. How are you determining the mime type? If it is just on extension, then you may as well just check for a valid extension on the client side.
Update
It appears to be just mapping extensions to file types, as a
pngrenamed asmp3ismpeg/audioto the code.So, ensure you validate the type on the server by checking the file’s contents, not its extension.