Allow more file types for upload?

Currently, we can only upload some common image, video and audio files. It would be nice to also allow some common text/code files. (We cannot even upload .scd and .sc files!)

We might also consider allowing .zip files, at least in chats/PMs.

1 Like

Done, I wasn’t aware the settings were so restrictive:

2 Likes

There is no specific setting for “allow in PM”, only all users vs staff.

Awesome, thanks! (And some more characters…)

Added also py, json, html, css, js … feel free to suggest.

Also note the upload limit is still 4MB, this goes on a kind person’s server so I won’t be touching that out of respect for their storage costs. :slight_smile:

3 Likes

Thank you for this! Could the following be added?
yalm, pd, maxpat, csd, xml, musicxml, html, css, js, aup3
(aup3 is not sure, but the others seem to be useful in some cases).

Maybe a stupid question, but do we need to restrict the file types in the first place?

Or is there an option to block specific file types that we don’t want? I guess this would make more sense than allowing dozens or hundreds of file types :slight_smile:

(On the other hand, if your favourite file type is not supported, you can just zip it.)

Yes, it is a good security practice: File Upload - OWASP Cheat Sheet Series

In fact I have removed .zip, .html and .js from the list after reading this.

Some of those were already there, others I am not adding based on security guidance.

New list:

1 Like
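Added example, not part of any post in this thread and not the forum software's own code: a sketch of why a deny-by-default allowlist holds up better than a blocklist for upload extensions. The extension sets, function names and sample filenames are constructed from what the thread mentions and are assumptions; the forum's real settings are not shown on the page.

```python
import os

# Assumed values taken from extensions named in the thread; the forum's actual list is not shown.
ALLOWED = {"scd", "sc", "py", "json", "css", "rtf"}
BLOCKED = {"zip", "html", "js", "doc", "docx"}  # types the thread says were removed
MAX_BYTES = 4 * 1024 * 1024  # the 4MB limit mentioned in the thread


def extension(filename):
    """Return the lower-cased final extension, or '' when there is none."""
    # Drop any client-supplied path, plus trailing dots/spaces that some
    # filesystems silently strip when the file is saved.
    name = os.path.basename(filename.replace("\\", "/")).strip().rstrip(". ")
    if "." not in name.lstrip("."):
        return ""
    return name.rsplit(".", 1)[1].lower()


def size_ok(size):
    return 0 < size <= MAX_BYTES


def allowlist_ok(filename, size):
    """Deny by default: accept only extensions that were explicitly approved."""
    return size_ok(size) and extension(filename) in ALLOWED


def blocklist_ok(filename, size):
    """Allow by default: reject only extensions someone remembered to list."""
    return size_ok(size) and extension(filename) not in BLOCKED


# Constructed sample uploads: (filename, size in bytes).
SAMPLES = [
    ("patch.scd", 2_000),
    ("PAGE.HTML.", 2_000),
    ("page.htm", 2_000),
    ("macro.docm", 2_000),
    ("noextension", 2_000),
    ("big.scd", 5 * 1024 * 1024),
]


def compare(samples=SAMPLES):
    """Return (filename, allowlist verdict, blocklist verdict) per sample."""
    return [(n, allowlist_ok(n, s), blocklist_ok(n, s)) for n, s in samples]


if __name__ == "__main__":
    for row in compare():
        print("%-12s allowlist=%-5s blocklist=%s" % row)
```

The blocklist accepts `page.htm`, `macro.docm` and the extensionless file because nobody listed them, while the allowlist rejects all three without needing to know they exist.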

I totally forgot about zip bombs, but since files are only ever extracted by the user, this shouldn’t be a risk for the server, right? For example, GitHub does allow .zip files (but it disallows .exe files).

Could we also add rtf? It’s the default text format of TextEdit on macOS.

BTW, strictly speaking, .doc is a security risk: email - Possible dangers of .doc files - Information Security Stack Exchange. (My university blocks .doc files in e-mail attachments.)

Good idea, added rtf and removed doc/docx.