11-08-2019, 10:12 AM
Hi. We have some data import functions in our web applications and the most commonly used one accepts .txt, .csv, .xlsx and .xls files. Currently we validate on file extension, but it would be nice to check the actual file contents as well for security reasons. So I tried the new CheckMimeType function in the AsyncUploadCompleted event handler. This is what it returns (for files that actually are what their file extension suggests):
.xlsx: 'application/zip'
.xls: 'application/msword'
.txt: ''
.csv: ''
If I compare with an online mime type checking tool (https://htmlstrip.com/mime-file-type-checker) I get
.xlsx: 'application/vnd.ms-excel'
.xls: 'application/vnd.ms-excel'
.txt: 'text/plain'
.csv: 'text/plain'
When I see your list above it is not so surprising that it fails to identify Excel files, but I make a feature request for it :-)
.xlsx: 'application/zip'
.xls: 'application/msword'
.txt: ''
.csv: ''
If I compare with an online mime type checking tool (https://htmlstrip.com/mime-file-type-checker) I get
.xlsx: 'application/vnd.ms-excel'
.xls: 'application/vnd.ms-excel'
.txt: 'text/plain'
.csv: 'text/plain'
When I see your list above it is not so surprising that it fails to identify Excel files, but I make a feature request for it :-)