Answered

Restrict File Upload Type


Userlevel 1

I’m creating an application form for a contest, and I’d really like to restrict the file upload type so that people can only upload video files. Is there a way to do this? 

icon

Best answer by Mariana 10 June 2021, 09:34

View original

24 replies

Userlevel 7
Badge +5

Hi @Antonia. Welcome to the Typeform Community :hugging:

 

It's not possible to restrict the file upload type at the moment. As a workaround, you could add a reminder to the description of the question, reinforcing that only videos will be considered for the contest. Do you believe this would help? 

Userlevel 7
Badge +5

Hi @Antonia would adding a reminder in the description work for you? :grinning:

This would be really useful! Please consider this towards a near future.

@Mariana 

This feature is much more important than just bad UX.

We use typeform in our native mobile apps through the webview. Our apps don’t have system permissions to record video, but as typeform doesn’t allow to restrict file types, system dialog still have an option to record video. Selecting “record video” option crashes the app.

Is there a way to create an official feature request for this?

 

 

Userlevel 7
Badge +5

Hi @Gleb At the moment, we don’t support typeforms embedded into apps, so I’m afraid it is possible that the forms won’t work correctly when added to an app. 

That said, I haven’t seen an issue like this with those that have attempted to add a form to their application, so it’s possible it has to do with a conflict in the code. 

However, our product team suggestion that you could avoid the app from crashing by catching the error in the app (code-wise) and display a message to your users saying that they can’t perform that action. 

Today we are using Typeform to receive requests from our clients. However, IT tells us that there is a security risk of a virus being sent to us.

I need to limit which .exe extensions cannot be sent. It's possible? Does Typeform use any antivirus system?

Userlevel 7
Badge +5

Hi @Iggo We don’t currently have this feature available, but if that changes, we’ll post an update here. 😀

This is such a simple feature to implement from a tech perspective.

Please give this information to the responsible product owner.

 

Thank you. :-)

Hi there, 

 

Can someone help, we’re using typeform with an option to upload a file. We get a lot of HEIC type images and ideally we would like to block them as they’re not native to Windows format, hence it takes a while to convert them. Is there such option? 

Userlevel 7
Badge +5

Hi @VN Member I’ve added your post here where we have the answer. 

Super simple and OBVIOUS option to add...

Literally just a simple text filter on the file name. 

Paying a lot of money for this, and forced to accept a .exe file as a profile picture...

Userlevel 7
Badge +5

Thanks for the feedback, @xcd 😀

Hi @Liz just wanted to follow-up on the feedback here. Without filetype restrictions, it creates a very limited use case for how we can leverage the file upload tool due to security reasons. It would be great if we could follow-up on adding simple filters for filetypes for uploading. Engineering wise it should not be complicated.

Just wanted to know when this can be implemented so we can really start utilizing this feature to its full potential.

Userlevel 7
Badge +5

Hi @Endeavouring Company Totally understand. I’ve reached back out to product to ask, as I haven’t heard anything about further developments on this block, but that could have changed. 

Userlevel 3
Badge +1

Adding my voice to this. Please add the ability to limit file types as soon as possible.  Literally Typeform does this - just not VideoAsk for some reason. Look at how Typeform does it and copy that mode. Just allow us to set what files types are accepted via a dropdown list in the setup of the VIdeoask.  An important and neccesary detail to save hours of work for businesses that may rely on people uploading files to our site. Thanks. 

Userlevel 7
Badge +5

Hey @Jeanne Dimmick I will add this to the VideoAsk feature request board, thanks as always for sharing your feedback 🙏

Haven't tested it yet, this wouldn't be the most secure either, but until they integrate it into native code, something can be done on the client side.

 

To restrict the file types that can be uploaded through the upload field in Typeform using JavaScript, you can add custom validation logic. Here's an example of how you can achieve this: 

<script type="module">
import Typebot from 'https://cdn.jsdelivr.net/npm/@typebot.io/js@0.1.13/dist/web.js';

document.addEventListener('DOMContentLoaded', function() {
Typebot.initStandard({
apiHost: "https://bot.demo.cloudron.io"
});

const fileInput = document.querySelector('typebot-standard').shadowRoot.querySelector('.typebot-upload-input');

fileInput.addEventListener('change', function(event) {
const file = event.target.files[0];
const allowedTypes = ['image/jpeg', 'image/png', 'image/gif'];

if (!allowedTypes.includes(file.type)) {
alert('Only image files (JPEG, PNG, GIF) are allowed. Please select a valid file.');
event.target.value = '';
}
});
});
</script>

<typebot-standard style="width: 100%; height: 600px;"></typebot-standard>

In this modified code, after initializing Typebot, an event listener is added to the file input element within the Typebot chatbot interface. When a file is selected, the event listener triggers and performs the custom validation logic.

The `querySelector` and `shadowRoot.querySelector` methods are used to target the file input element within the Typebot chatbot interface. You can adjust this code if the structure or class names of the Typebot component change in the future.

The `allowedTypes` array contains the file types that are allowed for upload. In this example, only image files with MIME types `image/jpeg`, `image/png`, and `image/gif` are allowed. If the selected file does not match the allowed types, an alert is shown, and the file input field is cleared.

Please note that this code assumes the Typebot component has been loaded and rendered on the page before the JavaScript code executes.

 

 
Userlevel 3
Badge +1

Is this something that can be used with Videoask?  I am not a Tyoeform user, just Videoask, and not familiar with Typebot, etc, mentioned here.  

Is this something that can be used with Videoask?  I am not a Tyoeform user, just Videoask, and not familiar with Typebot, etc, mentioned here.  

Sorry I'm not familiar with Videoask 😕

Hello,
In the different Typeforms we’re using, we ask people to upload a picture.
Unfortunately, most of them are uploading .HEIC file and this is definitely an issue for us.
We have already added a note to the description but most people continue to send us this type of file.
Is there a way to restrict it?

Userlevel 7
Badge +5

Hi @prisca Thanks for stopping by the community! I added your post here where we have an existing conversation about this. 

It is truly unacceptable that this has not been fixed in all the years typeform exists. Forcing the end user to accept all formats is not only absurd from a UX/DX point of view, but it opens the developer (the owner of the Typeform account, aka the PAYING CUSTOMER) to abuses, as mentioned above. A user with bad intent has free access to upload viruses or whatever the hell they want because Typeform does not allow the most basic restriction. This is even more absurd given that the implementation of this feature would take all of 10 minutes. It is EXTREMELY easy to do. I am a full stack developer of 20 years, I’m not making this up.

It is negligent on behalf of Typeform to continute to ignore this.

 

Whoever sees this - whatever typeform employee comes across this thread, please fly this all the way up the flagpole and make it a priority because it is truly unacceptable that you have not done this already.

Userlevel 7
Badge +5

Hi @JamesCarter Thanks for stopping by and sharing this feedback. I know this feature hasn’t been prioritized due to other features taking a higher stance, such as partial responses, but I’ll share your use case for this. I know they’re also looking into adding elements such as captcha to help prevent spam responses, so seeing your use case for the file restriction will be helpful. 😀

The uploading of .HEIC images messes up so many workflows for us. We only want PNG or JPEG, but there is no way to restrict file uploads so we don’t get these other file types. The security concerns mentioned in this thread are also an issue. Hoping this can be released soon. It seems like an easy change to me as well. 

Reply