tridentli / trident

Trident is a trusted and secure communication platform for enabling better communication between groups of trusted parties
https://trident.li
Apache License 2.0

Feature Request: File Upload System "File Type" restrictions #137

Open teward opened 6 years ago

teward commented 6 years ago

It was noted that the web portal accepts any and all file types for uploading to the web portal, during a penetration test and vulnerability test of a Trident instance. JavaScript files, HTML files, and other files could be uploaded without restriction.

It may be prudent to create an option to allow only certain types of files to be uploaded via the "Files" portion of Trident trustgroups, to allow for us to better control what 'malicious' file types should not be uploaded to the Portal.

bapril commented 6 years ago

This will require some thought. It would still be easy for a user to upload malicious HTML or JS under another file-type. This would require the user to change file-type to expose the risk, but users of this platform do that frequently. We could simply block .htm/.html/.js, etc., but without explanation users will change ext and upload anyway. Thanks
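
The gap between the two comments above, as an added example that is not part of the thread or of Trident's code: an extension allowlist combined with content sniffing rejects HTML stored under an allowed extension, while plain JavaScript still passes, so downloads are also served as inert attachments. `allowedExt`, `CheckUpload` and `DownloadHeaders` are hypothetical names, and the sample inputs are constructed.

```go
package main

import (
	"fmt"
	"mime"
	"net/http"
	"path/filepath"
	"strings"
)

// allowedExt is a hypothetical per-trustgroup allowlist (not a Trident setting).
var allowedExt = map[string]bool{".txt": true, ".pdf": true, ".png": true}

// CheckUpload applies the extension allowlist, then sniffs the content so
// that markup stored under an allowed extension is still rejected.
func CheckUpload(name string, data []byte) error {
	ext := strings.ToLower(filepath.Ext(name))
	if !allowedExt[ext] {
		return fmt.Errorf("extension %q is not allowed", ext)
	}
	// DetectContentType looks at no more than the first 512 bytes.
	sniffed := http.DetectContentType(data)
	if strings.HasPrefix(sniffed, "text/html") || strings.HasPrefix(sniffed, "text/xml") {
		return fmt.Errorf("%s has extension %q but sniffs as %s", name, ext, sniffed)
	}
	return nil
}

// DownloadHeaders makes the portal hand a stored file back as an opaque
// attachment, covering content the sniffer cannot classify (plain JavaScript
// sniffs as text/plain).
func DownloadHeaders(name string) http.Header {
	h := http.Header{}
	h.Set("Content-Type", "application/octet-stream")
	h.Set("X-Content-Type-Options", "nosniff")
	h.Set("Content-Disposition", mime.FormatMediaType("attachment",
		map[string]string{"filename": filepath.Base(name)}))
	return h
}

func main() {
	// Constructed sample: HTML body stored under an allowed extension.
	fmt.Println(CheckUpload("page.txt", []byte("<html><body>hi</body></html>")))
	fmt.Println(CheckUpload("code.txt", []byte("alert(1);"))) // passes: sniffs as text/plain
	fmt.Println(DownloadHeaders("code.txt"))
}
```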