MIME类型检查无用于文件上传? (特别是使用Javascript File API)? [英] MIME type check useless for file upload? (in particular, using the Javascript File API)?
问题描述
客户端,使用文件$ c $ (来自 W3C File API )和类似于这一行的代码:
if(file.type.indexOf(text)== 0){...}
可以执行文件类型的检查。显然,这使用 MIME类型(它返回这些字符串)。
在我的旅途中,我冒险通过这个有价值的贡献者,他认为MIME类型是无用的。
在文件上传的情况下,MIME类型确实基本没用,因此任何类型的检查都应该发生在服务器端?
贡献者是正确的。您不能仅仅依靠MIME类型检查来真正验证文件。这仅用于快速查找。例如,在客户端,可以在发送到服务器之前检查文件的MIME类型,以防用户选择错误的文件类型,从而节省时间和带宽。道歉自由使用逗号!
I've got a server script receiving an uploaded file from Javascript.
Client-side, using a File
object (from the W3C File API) and code similar to this line:
if (file.type.indexOf("text") == 0) { ... }
one can perform a check of the file type. Apparently, this uses a MIME type (which returns these strings).
In my journeys here through SO, I ventured across this worthy contributor, who maintains that MIME types are useless.
Are MIME types indeed basically useless in a file upload situation, and any type checking should therefore occur server-side?
The contributer is correct. You can't rely merely on MIME type checking to truly validate a file. It's only useful for quick lookups. For instance, on the client side, you can check the MIME type of a file before it is sent to the server, just in case the user chose the wrong file type, saving time and bandwidth. Apologies for the liberal use of commas!
这篇关于MIME类型检查无用于文件上传? (特别是使用Javascript File API)?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!