0

I have a hypothetical question. I currently am using AngularJS in my application and I am using a third party module, ng-file-upload, for file uploads. Now obviously I can check the file extension of the uploaded file and exclude it / prevent it from being sent to the server should it be undesirable, for example I only wish to allow the upload of images and the user uploads a word document. However I was thinking. Should a malicious user change a file from say "nastyfile.exe" to "nastyfile.gif" the malicious file would pass my check/validation using the File.type property as the File.type would be image/gif. To my knowledge there is no way on the frontend I could check if the original file extension has been modified using JavaScript. Is this the case or is there a way to determine this?

Thanks in advance.

Mike Sav
  • 14,805
  • 31
  • 98
  • 143
  • This really helped... http://stackoverflow.com/questions/18299806/how-to-check-file-mime-type-with-javascript-before-upload – Mike Sav Oct 27 '16 at 09:49

1 Answers1

0

Try to create an image. Then listen error & load event if load trigger, it is an image, else if error trigger it is not an image ;)

var img = new Image();

img.onerror = function() { /* not an image */ }
img.onload = function() { /* it is an image */ }

img.src = 'PATH/FILENAME';
Steeve Pitis
  • 4,283
  • 1
  • 21
  • 24