[VPAT-16] improvement: add file validation to prevent malicious uploads #8493

Add client-side checks for double extensions, dangerous file types, dot files, and path traversal patterns. Addresses security audit recommendations for file upload validation.
2026-02-17 00:21:21 +05:30 · 2026-02-17 00:21:21 +05:30 · e10deb10f2
commit e10deb10f2
parent 49fc6aa0a0
2 changed files with 70 additions and 10 deletions
--- a/packages/constants/src/file.ts
+++ b/packages/constants/src/file.ts
@ -18,3 +18,22 @@ export const ACCEPTED_COVER_IMAGE_MIME_TYPES_FOR_REACT_DROPZONE = {
  "image/png": [],
  "image/webp": [],
 };
+
+/**
+ * Dangerous file extensions that should be blocked
+ */
+export const DANGEROUS_EXTENSIONS = [
+  "exe",
+  "bat",
+  "cmd",
+  "sh",
+  "php",
+  "asp",
+  "aspx",
+  "jsp",
+  "cgi",
+  "dll",
+  "vbs",
+  "jar",
+  "ps1",
+];