Skip to Main Content
HCL Domino Ideas Portal

Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

Status Under Consideration
Workspace Domino Designer
Categories LotusScript
Created by Guest
Created on Oct 12, 2020

Notes File upload control should have a file type checking that only permits the upload of appropriate files and does not permit uploading any server-side scripts or executable files (e.g. .php, .jsp, etc.) or client-side executable files (e.g. .exe).

Notes File upload control should have a file type checking that only permits the upload of appropriate files and does not permit uploading any server-side scripts or executable files (e.g. .php, .jsp, etc.) or client-side executable files (e.g. .exe).

Added layer of security to control the MIME type being uploaded using the File Upload Control.

  • Attach files
  • Guest
    Reply
    |
    Jul 11, 2024

    I would like to get the file type based on the content of the file and not just based on the extension. Apache Tika could be used to get the metadata of the file and return the file type

  • Guest
    Reply
    |
    Oct 12, 2023

    Any update on this enhancement? It is a huge security ristk.

  • Guest
    Reply
    |
    Feb 14, 2022

    We have Vulnerabilities for this type of issues, is it possible to use any tools to check in form MIME type also without using xpages

  • Guest
    Reply
    |
    Sep 13, 2021

    Lotusscript should be able to know the mime of the file to be processed so that in the webquerysave it can be controlled, since it can lead to security errors among the users of the applications