Additional security considerations for the input file component - Githubissues

dotnet / AspNetCore.Docs

Documentation for ASP.NET Core

https://docs.microsoft.com/aspnet/core

Creative Commons Attribution 4.0 International

12.59k stars 25.3k forks source link

Additional security considerations for the input file component #33850

Open javiercn opened 2 hours ago

javiercn commented 2 hours ago

Description

Include a section about security considerations in for https://learn.microsoft.com/en-us/aspnet/core/blazor/file-uploads?view=aspnetcore-8.0#file-size-read-and-upload-limits

In addition to the section mentioned in the article above about limits, we should add a Security Considerations section to cover https://learn.microsoft.com/en-us/aspnet/core/mvc/models/file-uploads?view=aspnetcore-8.0#file-name-security and to explicitly call out avoiding the usage of the Size property in the IBrowserFile instance to impose a limit on the file size. (In other words, no file.OpenReadStream(file.Size))

Page URL

https://learn.microsoft.com/en-us/aspnet/core/blazor/file-uploads?view=aspnetcore-8.0

Content source URL

https://github.com/dotnet/AspNetCore.Docs/blob/main/aspnetcore/blazor/file-uploads.md

Document ID

c11d981c-05af-c19d-a333-feedd5978639

Article author

@guardrex

github-actions[bot] commented 2 hours ago

🍂🎃🏮 Autumn Skies and Pumpkin Pies! 🥧☕🍂

Stand by! A green dinosaur 🦖 will arrive shortly to assist.