-
ismaelfhspAsked on May 5, 2025 at 12:13 PM
We are currently evaluating the security of our site, and one of the issues that came up involves Jotform. Although we can limit the types of files that are uploaded, the application is still accepting files without validating their internal content.
Is there a way to address or fix this?
-
Mafe_M JotForm SupportReplied on May 5, 2025 at 12:36 PM
Hi ismaelfhsp,
Thank you for reaching out to Jotform Support. Currently, Jotform allows you to limit the types of files that can be uploaded by setting file type restrictions. However, it does not perform validation of the internal content of the files beyond these file type restrictions. This means that while you can restrict uploads to certain file extensions, the system does not inspect the internal content of the files to verify their authenticity or safety.
Unfortunately, there is no built-in feature in Jotform to validate the internal content of uploaded files to address this security concern directly.
If security is a critical concern, you may want to implement additional server-side validation or scanning of uploaded files after they are received from Jotform. This could involve using antivirus or malware scanning tools on your server or cloud storage where the files are saved.
Give it a try and let us know how it goes.
