Allow more file types for upload?

Currently, we can only upload some commoonn image, video and audio files. It would be nice to also allow some common text/code files. (We cannot even upload .scd and .sc files!)

We might also consider allowing .zip files, at least in chats/PMs.

1 Like

Done, I wasn’t aware the settings were so restrictive:


There is no specific setting for “allow in PM”, only all users vs staff.

Awesome, thanks! (And some more characters…)

Added also py, json, html, css, js … feel free to suggest.

Also note the upload limit is still 4MB, this goes on a kind person’s server so I won’t be touching that out of respect for their storage costs. :slight_smile:


Thank you for this! Could the following be added?
yalm, pd, maxpat, csd, xml, musicxml, html, css, js, aup3
(aup3 is not sure, but the others seem to be useful in some cases).

Maybe a stupid question, but do we need to restrict the file types in the first place?

Or is there an option to block specific file types that we don’t want? I guess this would make more sense than allowing dozens or hundreds of file types :slight_smile:

(On the other hand, if your favourite file type is not supported, you can just zip it.)

Yes, it is a good security practice: File Upload - OWASP Cheat Sheet Series

In fact I have removed .zip, .html and .js from the list after reading this.

Some of those were already there, others I am not adding based on security guidance.

New list:

1 Like

I totally forgot about zip bombs, but since files are only ever extracted by the user, this shouldn’t be a risk for the server, right? For example, GitHub does allow .zip files (but it disallows .exe files).

Could we also add rtf? It’s the default text format of TextEdit on macOS.

BTW, strictly speaking, .doc is a security risk: email - Possible dangers of .doc files - Information Security Stack Exchange. (My university blocks .doc files in e-mail attachments.)

Good idea, added rtf and remove doc/docx.