Login/Register
How to check file MIME type with JavaScript before upload?
Asked Answered
Solved javascripthtmlfile-uploadmime-types
U

12

288

I have read this and this questions which seems to suggest that the file MIME type could be checked using JavaScript on client side. Now, I understand that the real validation still has to be done on server side. I want to perform a client side checking to avoid unnecessary wastage of server resource.

To test whether this can be done on client side, I changed the extension of a JPEG test file to .png and choose the file for upload. Before sending the file, I query the file object using a JavaScript console:

document.getElementsByTagName('input')[0].files[0];

This is what I get on Chrome 28.0:

File {webkitRelativePath: "", lastModifiedDate: Tue Oct 16 2012 10:00:00 GMT+0000 (UTC), name: "test.png", type: "image/png", size: 500055…}

It shows type to be image/png which seems to indicate that the checking is done based on file extension instead of MIME type. I tried Firefox 22.0 and it gives me the same result. But according to the W3C spec, MIME Sniffing should be implemented.

Am I right to say that there is no way to check the MIME type with JavaScript at the moment? Or am I missing something?

Ummersen answered 18/8, 2013 at 13:53 Comment(7)
I want to perform a client side checking to avoid unnecessary wastage of server resource. I don't understand how why you say that validation has to be done on the server side, but then say you want to reduce server resources. Golden rule: Never trust user input. What's the point of checking the MIME type on the client side if you're then just doing it on the server side. Surely that's an "unnecessary wastage of client resource"?Knecht
Providing better file type checking/feedback to users client-side is a good idea. However, as you have stated, browsers simply rely on the file extensions when determining the value of the type property for File objects. The webkit source code, for example, reveals this truth. It is possible to accurately identify files client-side by looking for "magic bytes" in the files, among other things. I'm currently working on an MIT library (in what little free time I have) that will do just that. If you're interested in my progress, have a look at github.com/rnicholus/determinater.Weakkneed
@IanClark, the point is that if the file is of an invalid type, I can reject it on client side rather than waste the upload bandwidth only to reject it on the server side.Ummersen
@RayNicholus, cool dude! Will look through it when I have the time. Thanks :)Ummersen
Are you sure that your test file still has the mimetype image/jpeg, and you didn't actually modify that by changing the extension?Marry
Mime type is not a magic bullet, it is just an assumption. Binary files themselves does not carry such a property, so there is no way to seamlessly "get it" client side. It is set BY SERVERS when sending data TO CLIENTS, but even then it is often guessed by file extension, or.. explicitly set by backend developers who know what content type they are sending out. en.wikipedia.org/wiki/Mime_typeShiner
@QuestionOverflow A little late, but I've added a complete solution and a live, working demo in my answer. Enjoy.Pardo
P
545

You can easily determine the file MIME type with JavaScript's FileReader before uploading it to a server. I agree that we should prefer server-side checking over client-side, but client-side checking is still possible. I'll show you how and provide a working demo at the bottom.

Check that your browser supports both File and Blob. All major ones should.

if (window.FileReader && window.Blob) {
    // All the File APIs are supported.
} else {
    // File and Blob are not supported
}

Step 1:

You can retrieve the File information from an <input> element like this (ref):

<input type="file" id="your-files" multiple>
<script>
var control = document.getElementById("your-files");
control.addEventListener("change", function(event) {
    // When the control has changed, there are new files
    var files = control.files,
    for (var i = 0; i < files.length; i++) {
        console.log("Filename: " + files[i].name);
        console.log("Type: " + files[i].type);
        console.log("Size: " + files[i].size + " bytes");
    }
}, false);
</script>

Here is a drag-and-drop version of the above (ref):

<div id="your-files"></div>
<script>
var target = document.getElementById("your-files");
target.addEventListener("dragover", function(event) {
    event.preventDefault();
}, false);

target.addEventListener("drop", function(event) {
    // Cancel default actions
    event.preventDefault();
    var files = event.dataTransfer.files,
    for (var i = 0; i < files.length; i++) {
        console.log("Filename: " + files[i].name);
        console.log("Type: " + files[i].type);
        console.log("Size: " + files[i].size + " bytes");
    }
}, false);
</script>

Step 2:

We can now inspect the files and tease out headers and MIME types.

✘ Quick method

You can naïvely ask Blob for the MIME type of whatever file it represents using this pattern:

var blob = files[i]; // See step 1 above
console.log(blob.type);

For images, MIME types come back like the following:

image/jpeg
image/png
...

Caveat: The MIME type is detected from the file extension and can be fooled or spoofed. One can rename a .jpg to a .png and the MIME type will be be reported as image/png.

✓ Proper header-inspecting method

To get the bonafide MIME type of a client-side file we can go a step further and inspect the first few bytes of the given file to compare against so-called magic numbers. Be warned that it's not entirely straightforward because, for instance, JPEG has a few "magic numbers". This is because the format has evolved since 1991. You might get away with checking only the first two bytes, but I prefer checking at least 4 bytes to reduce false positives.

Example file signatures of JPEG (first 4 bytes):

FF D8 FF E0 (SOI + ADD0)
FF D8 FF E1 (SOI + ADD1)
FF D8 FF E2 (SOI + ADD2)

Here is the essential code to retrieve the file header:

var blob = files[i]; // See step 1 above
var fileReader = new FileReader();
fileReader.onloadend = function(e) {
  var arr = (new Uint8Array(e.target.result)).subarray(0, 4);
  var header = "";
  for(var i = 0; i < arr.length; i++) {
     header += arr[i].toString(16);
  }
  console.log(header);

  // Check the file signature against known types

};
fileReader.readAsArrayBuffer(blob);

You can then determine the real MIME type like so (more file signatures here and here):

switch (header) {
    case "89504e47":
        type = "image/png";
        break;
    case "47494638":
        type = "image/gif";
        break;
    case "ffd8ffe0":
    case "ffd8ffe1":
    case "ffd8ffe2":
    case "ffd8ffe3":
    case "ffd8ffe8":
        type = "image/jpeg";
        break;
    default:
        type = "unknown"; // Or you can use the blob.type as fallback
        break;
}

Accept or reject file uploads as you like based on the MIME types expected.

Demo

Here is a working demo for local files and remote files (I had to bypass CORS just for this demo). Open the snippet, run it, and you should see three remote images of different types displayed. At the top you can select a local image or data file, and the file signature and/or MIME type will be displayed.

Notice that even if an image is renamed, its true MIME type can be determined. See below.

Screenshot

Expected output of demo

// Return the first few bytes of the file as a hex string
function getBLOBFileHeader(url, blob, callback) {
  var fileReader = new FileReader();
  fileReader.onloadend = function(e) {
    var arr = (new Uint8Array(e.target.result)).subarray(0, 4);
    var header = "";
    for (var i = 0; i < arr.length; i++) {
      header += arr[i].toString(16);
    }
    callback(url, header);
  };
  fileReader.readAsArrayBuffer(blob);
}

function getRemoteFileHeader(url, callback) {
  var xhr = new XMLHttpRequest();
  // Bypass CORS for this demo - naughty, Drakes
  xhr.open('GET', '//cors-anywhere.herokuapp.com/' + url);
  xhr.responseType = "blob";
  xhr.onload = function() {
    callback(url, xhr.response);
  };
  xhr.onerror = function() {
    alert('A network error occurred!');
  };
  xhr.send();
}

function headerCallback(url, headerString) {
  printHeaderInfo(url, headerString);
}

function remoteCallback(url, blob) {
  printImage(blob);
  getBLOBFileHeader(url, blob, headerCallback);
}

function printImage(blob) {
  // Add this image to the document body for proof of GET success
  var fr = new FileReader();
  fr.onloadend = function() {
    $("hr").after($("<img>").attr("src", fr.result))
      .after($("<div>").text("Blob MIME type: " + blob.type));
  };
  fr.readAsDataURL(blob);
}

// Add more from http://en.wikipedia.org/wiki/List_of_file_signatures
function mimeType(headerString) {
  switch (headerString) {
    case "89504e47":
      type = "image/png";
      break;
    case "47494638":
      type = "image/gif";
      break;
    case "ffd8ffe0":
    case "ffd8ffe1":
    case "ffd8ffe2":
      type = "image/jpeg";
      break;
    default:
      type = "unknown";
      break;
  }
  return type;
}

function printHeaderInfo(url, headerString) {
  $("hr").after($("<div>").text("Real MIME type: " + mimeType(headerString)))
    .after($("<div>").text("File header: 0x" + headerString))
    .after($("<div>").text(url));
}

/* Demo driver code */

var imageURLsArray = ["http://media2.giphy.com/media/8KrhxtEsrdhD2/giphy.gif", "http://upload.wikimedia.org/wikipedia/commons/e/e9/Felis_silvestris_silvestris_small_gradual_decrease_of_quality.png", "http://static.giantbomb.com/uploads/scale_small/0/316/520157-apple_logo_dec07.jpg"];

// Check for FileReader support
if (window.FileReader && window.Blob) {
  // Load all the remote images from the urls array
  for (var i = 0; i < imageURLsArray.length; i++) {
    getRemoteFileHeader(imageURLsArray[i], remoteCallback);
  }

  /* Handle local files */
  $("input").on('change', function(event) {
    var file = event.target.files[0];
    if (file.size >= 2 * 1024 * 1024) {
      alert("File size must be at most 2MB");
      return;
    }
    remoteCallback(escape(file.name), file);
  });

} else {
  // File and Blob are not supported
  $("hr").after( $("<div>").text("It seems your browser doesn't support FileReader") );
} /* Drakes, 2015 */
img {
  max-height: 200px
}
div {
  height: 26px;
  font: Arial;
  font-size: 12pt
}
form {
  height: 40px;
}
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js"></script>
<form>
  <input type="file" />
  <div>Choose an image to see its file signature.</div>
</form>
<hr/>
Pardo answered 16/4, 2015 at 11:10 Comment(16)
2 minor comments. (1) Wouldn't it be better to slice the file to it's first 4 bytes prior to reading? fileReader.readAsArrayBuffer(blob.slice(0,4))? (2) In order to copy/paste file signatures, shouldn't the header be constructed with leading 0's for(var i = 0; i < bytes.length; i++) { var byte = bytes[i]; fileSignature += (byte < 10 ? "0" : "") + byte.toString(16); } ?Gleason
@drakes where did you get file signature ffd8ffe2? Based on the wiki link you gave the file signatures for jpeg are ffd8ffdb, ffd8ffe0, and ffd8ffe1. Can you confirm? ThanksSaidee
@Deadpool See here. There are more, less common, JPEG formats from different makers. For example, FF D8 FF E2 = CANNON EOS JPEG FILE, FF D8 FF E3 = SAMSUNG D500 JPEG FILE. The key part of the JPEG signature is only 2 bytes, but to reduce false positives I added the most common 4-byte signatures. I hope that helps.Pardo
It looks like FF D8 FF is consistent in JPEG files. I think its safe to assume that only JPEG files have the pattern. It would be difficult to keep track of the 4-byte signature especially when some of the signatures are manufacturer dependent. Thanks @Pardo !Saidee
Has anyone tried to port libmagic over into javascript library available for the browser?Sager
Hi, this is a great answer. It is however not clear to me how to get the header information to decide whether to accept the file for upload or not. I want to make this decision inside the onchange event of the input field. Could you please clarify how I can achieve this? Sorry, Javascript beginner here.Paviour
Typescript says: property result does not exist on type EventTarget... What gives?Borchers
You don't have to load complete blob as ArrayBuffer to determine the mimeType. You can just slice and pass first 4 bytes of the blob like this: fileReader.readAsArrayBuffer(blob.slice(0, 4))Arlana
What should be the check to allow only plain text? The first 4 bytes for text files seem to the first 4 characters in the text file.Cristinacristine
I just encountered a JPEG with ffd8ffdb as signature. Not sure what its origin is.Egger
Read just first chunk? blob.stream().getReader().read().then(({ value }) => { new Uint32Array(value.buffer)[0] // header });Redon
This won't work if you need to check signatures which contains values lower than or equal to 0x09 because the conversion from hex to string does take care of padding.Kabyle
I made a function that returns the magic number as a promise: export async function getMagicNumber(file: File, signatureLength: number = 4) { return file.slice(0, signatureLength).arrayBuffer().then((buffer) => Array.from(new Uint8Array(buffer)).map((byte) => byte.toString(16).padStart(2, '0')).join('').toUpperCase()); }Burcham
Tried this because I need to check to only allow .json, .csv, .tsv, and .txt files but am not able to get consistent numbers for each of those types. Are there issues with text-based formats where this technique wouldn't work?Brentwood
@Brentwood .. text based files can never be checked using magic numbers.. they are just plain text and the characters in the file will be just the content of the file.. take a look here to understand more about magic numbers en.wikipedia.org/wiki/Magic_number_(programming)#In_filesExample
How about a PDF? Can that be checked with magic numbers? Or what would be a could way to check for those?Propylite
P
36

As stated in other answers, you can check the mime type by checking the signature of the file in the first bytes of the file.

But what other answers are doing is loading the entire file in memory in order to check the signature, which is very wasteful and could easily freeze your browser if you select a big file by accident or not.

/**
 * Load the mime type based on the signature of the first bytes of the file
 * @param  {File}   file        A instance of File
 * @param  {Function} callback  Callback with the result
 * @author Victor www.vitim.us
 * @date   2017-03-23
 */
function loadMime(file, callback) {
    
    //List of known mimes
    var mimes = [
        {
            mime: 'image/jpeg',
            pattern: [0xFF, 0xD8, 0xFF],
            mask: [0xFF, 0xFF, 0xFF],
        },
        {
            mime: 'image/png',
            pattern: [0x89, 0x50, 0x4E, 0x47],
            mask: [0xFF, 0xFF, 0xFF, 0xFF],
        }
        // you can expand this list @see https://mimesniff.spec.whatwg.org/#matching-an-image-type-pattern
    ];

    function check(bytes, mime) {
        for (var i = 0, l = mime.mask.length; i < l; ++i) {
            if ((bytes[i] & mime.mask[i]) - mime.pattern[i] !== 0) {
                return false;
            }
        }
        return true;
    }

    var blob = file.slice(0, 4); //read the first 4 bytes of the file

    var reader = new FileReader();
    reader.onloadend = function(e) {
        if (e.target.readyState === FileReader.DONE) {
            var bytes = new Uint8Array(e.target.result);

            for (var i=0, l = mimes.length; i<l; ++i) {
                if (check(bytes, mimes[i])) return callback("Mime: " + mimes[i].mime + " <br> Browser:" + file.type);
            }

            return callback("Mime: unknown <br> Browser:" + file.type);
        }
    };
    reader.readAsArrayBuffer(blob);
}


//when selecting a file on the input
fileInput.onchange = function() {
    loadMime(fileInput.files[0], function(mime) {

        //print the output to the screen
        output.innerHTML = mime;
    });
};
<input type="file" id="fileInput">
<div id="output"></div>
Preglacial answered 23/3, 2017 at 17:50 Comment(1)
I think readyState will always be FileReader.DONE in the event handler (W3C spec) even if there was an error - shouldn't the check be if (!e.target.error) instead?Mastectomy
M
21

For anyone who's looking to not implement this themselves, Sindresorhus has created a utility that works in the browser and has the header-to-mime mappings for most documents you could want.

https://github.com/sindresorhus/file-type

You could combine Vitim.us's suggestion of only reading in the first X bytes to avoid loading everything into memory with using this utility (example in es6):

import fileType from 'file-type'; // or wherever you load the dependency

const blob = file.slice(0, fileType.minimumBytes);

const reader = new FileReader();
reader.onloadend = function(e) {
  if (e.target.readyState !== FileReader.DONE) {
    return;
  }

  const bytes = new Uint8Array(e.target.result);
  const { ext, mime } = fileType.fromBuffer(bytes);

  // ext is the desired extension and mime is the mimetype
};
reader.readAsArrayBuffer(blob);
Meniscus answered 13/3, 2019 at 7:19 Comment(4)
For me, the latest version of the library didn't work but the "file-type": "12.4.0" worked and I had to use import * as fileType from "file-type";Curling
This seems to be a library for node, and it doesn't work in the browser because it uses node stuff.Schematic
@Schematic what errors did you run into? I was able to use in browser at time of this answer but maybe something got updatedMeniscus
@Meniscus i also cannot run it in the browser. i tried following there recommendation from github.com/sindresorhus/file-type?tab=readme-ov-file#browser but it still ain't working. are you able to share ur code on how u made it run on the browser?Ketron
K
9

Here is a Typescript implementation that supports webp. This is based on the JavaScript answer by Vitim.us.

interface Mime {
  mime: string;
  pattern: (number | undefined)[];
}

// tslint:disable number-literal-format
// tslint:disable no-magic-numbers
const imageMimes: Mime[] = [
  {
    mime: 'image/png',
    pattern: [0x89, 0x50, 0x4e, 0x47]
  },
  {
    mime: 'image/jpeg',
    pattern: [0xff, 0xd8, 0xff]
  },
  {
    mime: 'image/gif',
    pattern: [0x47, 0x49, 0x46, 0x38]
  },
  {
    mime: 'image/webp',
    pattern: [0x52, 0x49, 0x46, 0x46, undefined, undefined, undefined, undefined, 0x57, 0x45, 0x42, 0x50, 0x56, 0x50],
  }
  // You can expand this list @see https://mimesniff.spec.whatwg.org/#matching-an-image-type-pattern
];
// tslint:enable no-magic-numbers
// tslint:enable number-literal-format

function isMime(bytes: Uint8Array, mime: Mime): boolean {
  return mime.pattern.every((p, i) => !p || bytes[i] === p);
}

function validateImageMimeType(file: File, callback: (b: boolean) => void) {
  const numBytesNeeded = Math.max(...imageMimes.map(m => m.pattern.length));
  const blob = file.slice(0, numBytesNeeded); // Read the needed bytes of the file

  const fileReader = new FileReader();

  fileReader.onloadend = e => {
    if (!e || !fileReader.result) return;

    const bytes = new Uint8Array(fileReader.result as ArrayBuffer);

    const valid = imageMimes.some(mime => isMime(bytes, mime));

    callback(valid);
  };

  fileReader.readAsArrayBuffer(blob);
}

// When selecting a file on the input
fileInput.onchange = () => {
  const file = fileInput.files && fileInput.files[0];
  if (!file) return;

  validateImageMimeType(file, valid => {
    if (!valid) {
      alert('Not a valid image file.');
    }
  });
};


<input type="file" id="fileInput">
Kilbride answered 29/10, 2019 at 18:20 Comment(2)
The question asks a solution in javascript strictly. Although I understand that typescript is easily convertible to javascript it's still an extra step that escapes the boundaries of the original question.Pastoralize
Really appreciate the effort to transform this into typescript. It's helpful for people who are using javascript with type checking.Plugugly
T
5

This is what you have to do

var fileVariable =document.getElementsById('fileId').files[0];

If you want to check for image file types then

if(fileVariable.type.match('image.*'))
{
 alert('its an image');
}
Tonita answered 14/3, 2017 at 7:15 Comment(1)
Currently not working for: Firefox for Android, Opera for Android, and Safari on iOS. developer.mozilla.org/en-US/docs/Web/API/File/typePungy
C
4

As Drake states this could be done with FileReader. However, what I present here is a functional version. Take in consideration that the big problem with doing this with JavaScript is to reset the input file. Well, this restricts to only JPG (for other formats you will have to change the mime type and the magic number):

<form id="form-id">
  <input type="file" id="input-id" accept="image/jpeg"/>
</form>

<script type="text/javascript">
    $(function(){
        $("#input-id").on('change', function(event) {
            var file = event.target.files[0];
            if(file.size>=2*1024*1024) {
                alert("JPG images of maximum 2MB");
                $("#form-id").get(0).reset(); //the tricky part is to "empty" the input file here I reset the form.
                return;
            }

            if(!file.type.match('image/jp.*')) {
                alert("only JPG images");
                $("#form-id").get(0).reset(); //the tricky part is to "empty" the input file here I reset the form.
                return;
            }

            var fileReader = new FileReader();
            fileReader.onload = function(e) {
                var int32View = new Uint8Array(e.target.result);
                //verify the magic number
                // for JPG is 0xFF 0xD8 0xFF 0xE0 (see https://en.wikipedia.org/wiki/List_of_file_signatures)
                if(int32View.length>4 && int32View[0]==0xFF && int32View[1]==0xD8 && int32View[2]==0xFF && int32View[3]==0xE0) {
                    alert("ok!");
                } else {
                    alert("only valid JPG images");
                    $("#form-id").get(0).reset(); //the tricky part is to "empty" the input file here I reset the form.
                    return;
                }
            };
            fileReader.readAsArrayBuffer(file);
        });
    });
</script>

Take in consideration that this was tested on latest versions of Firefox and Chrome, and on IExplore 10.

For a complete list of mime types see Wikipedia.

For a complete list of magic number see Wikipedia.

Chism answered 7/5, 2015 at 22:39 Comment(2)
The Wikipedia links above are no longer valid.Genevivegenevra
@BobQuinn fixed, thanskChism
B
4

If you just want to check if the file uploaded is an image you can just try to load it into <img> tag an check for any error callback.

Example:

var input = document.getElementsByTagName('input')[0];
var reader = new FileReader();

reader.onload = function (e) {
    imageExists(e.target.result, function(exists){
        if (exists) {

            // Do something with the image file.. 

        } else {

            // different file format

        }
    });
};

reader.readAsDataURL(input.files[0]);


function imageExists(url, callback) {
    var img = new Image();
    img.onload = function() { callback(true); };
    img.onerror = function() { callback(false); };
    img.src = url;
}
Bluh answered 20/5, 2016 at 8:40 Comment(1)
Works great, I tried a .gif file uploader hack and it threw an error :)Tetramethyldiarsine
Z
4

Here's a minimal typescript/promise util for the browser;

export const getFileHeader = (file: File): Promise<string> => {
  return new Promise(resolve => {
    const headerBytes = file.slice(0, 4); // Read the first 4 bytes of the file
    const fileReader = new FileReader();
    fileReader.onloadend = (e: ProgressEvent<FileReader>) => {
      const arr = new Uint8Array(e?.target?.result as ArrayBufferLike).subarray(
        0,
        4,
      );
      let header = '';
      for (let i = 0; i < arr.length; i++) {
        header += arr[i].toString(16);
      }
      resolve(header);
    };
    fileReader.readAsArrayBuffer(headerBytes);
  });
};

Use like so in your validation (I needed a PDF check);

// https://mimesniff.spec.whatwg.org/#matching-an-image-type-pattern
const pdfBytePattern = "25504446"
const fileHeader = await getFileHeader(file)
const isPdf = fileHeader === pdfBytePattern // => true
Zoa answered 2/3, 2022 at 10:0 Comment(0)
P
3

I needed to check for a few more file types.

Following up the excellent answer given by Drakes, I came up with the below code after I found this website with a very extensive table of file types and their headers. Both in Hex and String.

I also needed an asynchronous function to deal with many files and other problems related to the project I'm working that does not matter here.

Here is the code in vanilla javascript.

// getFileMimeType
// @param {Object} the file object created by the input[type=file] DOM element.
// @return {Object} a Promise that resolves with the MIME type as argument or undefined
// if no MIME type matches were found.
const getFileMimeType = file => {

    // Making the function async.
    return new Promise(resolve => {
        let fileReader = new FileReader();
        fileReader.onloadend = event => {
            const byteArray = new Uint8Array(event.target.result);

            // Checking if it's JPEG. For JPEG we need to check the first 2 bytes.
            // We can check further if more specific type is needed.
            if(byteArray[0] == 255 && byteArray[1] == 216){
                resolve('image/jpeg');
                return;
            }

            // If it's not JPEG we can check for signature strings directly.
            // This is only the case when the bytes have a readable character.
            const td = new TextDecoder("utf-8");
            const headerString = td.decode(byteArray);

            // Array to be iterated [<string signature>, <MIME type>]
            const mimeTypes = [
                // Images
                ['PNG', 'image/png'],
                // Audio
                ['ID3', 'audio/mpeg'],// MP3
                // Video
                ['ftypmp4', 'video/mp4'],// MP4
                ['ftypisom', 'video/mp4'],// MP4
                // HTML
                ['<!DOCTYPE html>', 'text/html'],
                // PDF
                ['%PDF', 'application/pdf']
                // Add the needed files for your case.
            ];

            // Iterate over the required types.
            for(let i = 0;i < mimeTypes.length;i++){
                // If a type matches we return the MIME type
                if(headerString.indexOf(mimeTypes[i][0]) > -1){
                    resolve(mimeTypes[i][1]);
                    return;
                }
            }

            // If not is found we resolve with a blank argument
            resolve();

        }
        // Slice enough bytes to get readable strings.
        // I chose 32 arbitrarily. Note that some headers are offset by
        // a number of bytes.
        fileReader.readAsArrayBuffer(file.slice(0,32));
    });

};

// The input[type=file] DOM element.
const fileField = document.querySelector('#file-upload');
// Event to detect when the user added files.
fileField.onchange = event => {

    // We iterate over each file and log the file name and it's MIME type.
    // This iteration is asynchronous.
    Array.from(fileField.files, async file => {
        console.log(file.name, await getFileMimeType(file));
    });

};

Notice that in the getFileMimeType function you can employ 2 approaches to find the correct MIME type.

  1. Search the bytes directly.
  2. Search for Strings after converting the bytes to string.

I used the first approach with JPEG because what makes it identifiable are the first 2 bytes and those bytes are not readable string characters.

With the rest of the file types I could check for readable string character signatures. For example: [video/mp4] -> 'ftypmp4' or 'ftypisom'

If you need to support a file that is not on the Gary Kessler's list, you can console.log() the bytes or converted string to find a proper signature for the obscure file you need to support.

Note1: The Gary Kessler's list has been updated and the mp4 signatures are different now, you should check it when implementing this. Note2: the Array.from is designed to use a .map like function as it second argument.

Pastoralize answered 7/7, 2021 at 18:12 Comment(1)
You can look up FourCC file format signatures here; filesignatures.netMidwest
T
0

Here is an extension of Roberto14's answer that does the following:

THIS WILL ONLY ALLOW IMAGES

Checks if FileReader is available and falls back to extension checking if it is not available.

Gives an error alert if not an image

If it is an image it loads a preview

** You should still do server side validation, this is more a convenience for the end user than anything else. But it is handy!

<form id="myform">
    <input type="file" id="myimage" onchange="readURL(this)" />
    <img id="preview" src="#" alt="Image Preview" />
</form>

<script>
function readURL(input) {
    if (window.FileReader && window.Blob) {
        if (input.files && input.files[0]) {
            var reader = new FileReader();
            reader.onload = function (e) {
                var img = new Image();
                img.onload = function() {
                    var preview = document.getElementById('preview');
                    preview.src = e.target.result;
                    };
                img.onerror = function() { 
                    alert('error');
                    input.value = '';
                    };
                img.src = e.target.result;
                }
            reader.readAsDataURL(input.files[0]);
            }
        }
    else {
        var ext = input.value.split('.');
        ext = ext[ext.length-1].toLowerCase();      
        var arrayExtensions = ['jpg' , 'jpeg', 'png', 'bmp', 'gif'];
        if (arrayExtensions.lastIndexOf(ext) == -1) {
            alert('error');
            input.value = '';
            }
        else {
            var preview = document.getElementById('preview');
            preview.setAttribute('alt', 'Browser does not support preview.');
            }
        }
    }
</script>
Tetramethyldiarsine answered 18/9, 2016 at 16:36 Comment(0)
H
0

For Png files you can do even more checking than just checking for some magic header bytes, as Png files have a particular file format that you can check.

TLDR: there are a series of chunks that must be in a specific order, and each chunk has a crc error correction code that you can check if it is valid.

https://en.wikipedia.org/wiki/Portable_Network_Graphics#File_format

I have made a little library that checks that the chunk layout is correct, and it checks that the crc code for each chunk is valid. Ready to consume as a npm package here:

https://www.npmjs.com/package/png-validator

Helgoland answered 18/7, 2022 at 13:48 Comment(0)
S
-1

Short answer is no.

As you note the browsers derive type from the file extension. Mac preview also seems to run off the extension. I'm assuming its because its faster reading the file name contained in the pointer, rather than looking up and reading the file on disk.

I made a copy of a jpg renamed with png.

I was able to consistently get the following from both images in chrome (should work in modern browsers).

ÿØÿàJFIFÿþ;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90

Which you could hack out a String.indexOf('jpeg') check for image type.

Here is a fiddle to explore http://jsfiddle.net/bamboo/jkZ2v/1/

The ambigious line I forgot to comment in the example

console.log( /^(.*)$/m.exec(window.atob( image.src.split(',')[1] )) );

  • Splits the base64 encoded img data, leaving on the image
  • Base64 decodes the image
  • Matches only the first line of the image data

The fiddle code uses base64 decode which wont work in IE9, I did find a nice example using VB script that works in IE http://blog.nihilogic.dk/2008/08/imageinfo-reading-image-metadata-with.html

The code to load the image was taken from Joel Vardy, who is doing some cool image canvas resizing client side before uploading which may be of interest https://joelvardy.com/writing/javascript-image-upload

Shalon answered 26/6, 2014 at 2:25 Comment(2)
Please don't search JPEGs for the "jpeg" substring, that's just a coincidence you found it in a comment. JPEG files don't have to contain it (and if you're thinking about searching for JFIF instead, well APP0 doesn't have to contain JFIF in EXIF-JPEGs so that's out too).Quintie
See top "Short answer is no".Shalon

© 2022 - 2024 — McMap. All rights reserved.