Am trying to change the file extension .exe to .png. When uploading the chnaged file it uploads.But its wrong. Without validating the file extension, any other solution to validate??
1
-
Does this answer your question? Limit file format when using <input type="file">?EGC– EGC2020-01-13 05:33:36 +00:00Commented Jan 13, 2020 at 5:33
Add a comment
|
1 Answer
There is no way to do this on the browser side and provide the needed security. You must always have some server side validation to protect your backend systems.
At the end of the day, the js and html code are available to the end user and can be bypassed at any time.
Validating the file extension for input is not a security measure but a user experience one.
In any case you can follow the excellent answer here: How to check file MIME type with javascript before upload? to read the bytes from the file and see if it is an exe. You just need to look for the exe header bytes instead of the image ones: http://faydoc.tripod.com/structures/15/1594.htm
