如何在java脚本中上传图像时限制.exe扩展名?/
[英]How to restrict .exe extension while uploading image in java script?/
问题描述
Am trying to change the file extension .exe to .png.
我正在尝试将文件扩展名 .exe 更改为 .png。 When uploading the chnaged file it uploads.But its wrong.上传更改后的文件时,它会上传。但它是错误的。 Without validating the file extension, any other solution to validate??不验证文件扩展名,还有其他解决方案来验证吗??
1 个解决方案
解决方案1
1 2020-01-13 05:55:21
There is no way to do this on the browser side and provide the needed security.在浏览器端没有办法做到这一点并提供所需的安全性。 You must always have some server side validation to protect your backend systems.您必须始终进行一些服务器端验证以保护您的后端系统。
At the end of the day, the js and html code are available to the end user and can be bypassed at any time.归根结底,js 和 html 代码可供最终用户使用,并且可以随时绕过。
Validating the file extension for input is not a security measure but a user experience one.验证input的文件扩展名不是一种安全措施,而是一种用户体验。
In any case you can follow the excellent answer here: How to check file MIME type with javascript before upload?在任何情况下,您都可以按照这里的优秀答案进行操作: How to check file MIME type with javascript before upload? to read the bytes from the file and see if it is an exe.从文件中读取字节,看看它是否是一个 exe。 You just need to look for the exe header bytes instead of the image ones: http://faydoc.tripod.com/structures/15/1594.htm您只需要查找 exe 头字节而不是图像字节: http : //faydoc.tripod.com/structures/15/1594.htm
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.