joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: Add new Parse Server option fileUpload.fileExtensions to restrict file upload by file extension (#8539)

Browse Source
This commit is contained in:
Manuel
2023-05-21 01:31:52 +02:00
committed by GitHub
parent db4c214eac
commit a27482c57e
6 changed files with 209 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/Options/docs.js
View File

@@ -222,6 +222,7 @@
* @property {Boolean} enableForAnonymousUser Is true if file upload should be allowed for anonymous users.
* @property {Boolean} enableForAuthenticatedUser Is true if file upload should be allowed for authenticated users.
* @property {Boolean} enableForPublic Is true if file upload should be allowed for anyone, regardless of user authentication.
* @property {String[]} fileExtensions Sets the allowed file extensions for uploading files. The extension is defined as an array of file extensions, or a regex pattern.<br><br>It is recommended to restrict the file upload extensions as much as possible. HTML files are especially problematic as they may be used by an attacker who uploads a HTML form to look legitimate under your app's domain name, or to compromise the session token of another user via accessing the browser's local storage.<br><br>Defaults to `^[^hH][^tT][^mM][^lL]?$` which allows any file extension except HTML files.
*/
/**