MimeTypeHelperGetSafeMimeType Method |
Returns a MIME type for the given fileName.
If the fileName indicates an image, returns a common MIME type related to file's extension; otherwise the given contentType is returned.
Namespace: CMS.HelpersAssembly: CMS.Helpers (in CMS.Helpers.dll) Version: 12.0.0
Syntax public static string GetSafeMimeType(
string fileName,
string contentType
)
Parameters
- fileName
- Type: SystemString
File name - contentType
- Type: SystemString
File content type
Return Value
Type:
StringMIME type
Remarks
Use the method to check uploaded image files to prevent XSS attacks when the file seems to be an image (according to an extension) but actually it contains HTML code
including script. This method prevents a potential attacker from forging the request content type when being uploaded to the server.
See Also