Last updated
Last updated
Sometimes it might be necessary to validate the contents of a file before it gets saved to disk when uploading trough the backoffice.
To help with this, Umbraco supplies a FileStreamSecurityValidator
that runs all registered IFileStreamSecurityAnalyzer
implementations on the file streams it receives from it's different file upload endpoints. When any of the analyzers deem the file to be unsafe, the endpoint disregards the file and shows a relevant validation message where appropriate. This all happens in memory before the stream is written to a temporary file location.
The IFileStreamSecurityAnalyzer
needs a single method to be implemented:
IsConsideredSafe
: This method should return false if the analyzer finds a reason not to trust the file
The following class shows how one could potentially guard against Cross-site scripting(XSS) vulnerabilities in an svg file.
This is an example of registering the class with a composer:
Then you can upload a file with the following content to the backoffice and see that it is not persisted.
You can .
This section describes how you can implement File Validation