MimeTypeHelper.GetSafeMimeType Method

MimeTypeHelperGetSafeMimeType Method

Returns a MIME type for the given fileName. If the fileName indicates an image, returns a common MIME type related to file's extension; otherwise the given contentType is returned.

Namespace: CMS.Helpers
Assembly: CMS.Helpers (in CMS.Helpers.dll) Version: 12.0.0

Syntax

Copy

public static string GetSafeMimeType(
	string fileName,
	string contentType
)

Parameters

fileName: Type: SystemString
File name
contentType: Type: SystemString
File content type

Return Value

Type: String
MIME type

Remarks

Use the method to check uploaded image files to prevent XSS attacks when the file seems to be an image (according to an extension) but actually it contains HTML code including script. This method prevents a potential attacker from forging the request content type when being uploaded to the server.

Reference

MimeTypeHelper Class

CMS.Helpers Namespace