How to Block Scripts in your File Upload Process using JavaScript
It's generally safest to assume that script files and scripts embedded within document uploads are included for nefarious purposes. Detecting hidden scripts requires in-depth content verification, and the free-to-use API provided below handles that task while simultaneously scanning files for millions of virus and malware signatures. All it takes is one request to detect a wide variety of attacks; you can easily set custom threat rules in the API request (sent as request headers in the code below) to categorically block files with embedded scripts (along with a variety of other hidden threat types).
To structure your API call, copy and paste the code below, which uses the browser's built-in XMLHttpRequest (XHR) capability:
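// Assumes the page contains a file input element, e.g. <input type="file">
var fileInput = document.querySelector('input[type="file"]');

// Attach the selected file as multipart form data
var data = new FormData();
data.append("inputFile", fileInput.files[0], "file");

var xhr = new XMLHttpRequest();
// Include credentials (such as cookies) on the cross-origin request
xhr.withCredentials = true;

// Log the scan result once the response has fully arrived
xhr.addEventListener("readystatechange", function() {
  if (this.readyState === 4) {
    console.log(this.responseText);
  }
});

xhr.open("POST", "https://api.cloudmersive.com/virus/scan/file/advanced");

// Threat rules: replace each <boolean> with "true" or "false".
// Setting allowScripts to "false" blocks files with embedded scripts.
xhr.setRequestHeader("allowExecutables", "<boolean>");
xhr.setRequestHeader("allowInvalidFiles", "<boolean>");
xhr.setRequestHeader("allowScripts", "<boolean>");
xhr.setRequestHeader("allowPasswordProtectedFiles", "<boolean>");
xhr.setRequestHeader("allowMacros", "<boolean>");
xhr.setRequestHeader("allowXmlExternalEntities", "<boolean>");
xhr.setRequestHeader("allowInsecureDeserialization", "<boolean>");
xhr.setRequestHeader("allowHtml", "<boolean>");
// Replace <string> with the file types you accept
xhr.setRequestHeader("restrictFileTypes", "<string>");
xhr.setRequestHeader("Apikey", "YOUR-API-KEY-HERE");

xhr.send(data);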
You can authenticate your requests with a free-tier Cloudmersive API key (to get one, register a free account — this comes with 800 API calls per month and no commitment).
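An added example (not Cloudmersive's or the author's code) covering the two pieces the request above leaves open: sending every threat-rule header as an explicit deny-by-default string, and turning the JSON response into a fail-closed accept/reject decision. The response field names (CleanResult, ContainsScript and the other Contains* flags) are assumed from the API's public documentation, the function names are hypothetical, and the sample responses are constructed.

```javascript
// Added example. Header names are from the request above; the response
// field names on the right are assumed from the API's public documentation.
var POLICY = {
  allowExecutables: "ContainsExecutable",
  allowInvalidFiles: "ContainsInvalidFile",
  allowScripts: "ContainsScript",
  allowPasswordProtectedFiles: "ContainsPasswordProtectedFile",
  allowMacros: "ContainsMacros",
  allowXmlExternalEntities: "ContainsXmlExternalEntities",
  allowInsecureDeserialization: "ContainsInsecureDeserialization",
  allowHtml: "ContainsHtml"
};

// Deny by default: a rule is "true" only when explicitly overridden with true.
function buildPolicyHeaders(overrides) {
  var headers = {};
  Object.keys(POLICY).forEach(function (name) {
    headers[name] = (overrides && overrides[name] === true) ? "true" : "false";
  });
  return headers;
}

// Fail closed: HTTP errors, unparseable bodies, a missing CleanResult, or any
// flagged content type the policy did not allow all reject the upload.
function evaluateScan(status, responseText, headers) {
  if (status !== 200) return { accept: false, reasons: ["http-" + status] };
  var result;
  try { result = JSON.parse(responseText); } catch (e) { result = null; }
  if (result === null || typeof result !== "object") {
    return { accept: false, reasons: ["unparseable-response"] };
  }
  var reasons = Object.keys(POLICY).filter(function (name) {
    return result[POLICY[name]] === true && headers[name] !== "true";
  }).map(function (name) { return POLICY[name]; });
  if (result.CleanResult !== true) reasons.push("CleanResult-not-true");
  return { accept: reasons.length === 0, reasons: reasons };
}

// Constructed sample responses (not captured from the live API).
var SAMPLE_CLEAN = '{"CleanResult": true, "ContainsScript": false}';
var SAMPLE_SCRIPT = '{"CleanResult": false, "ContainsScript": true}';
var SAMPLE_HTML = '{"CleanResult": true, "ContainsHtml": true}';

var strict = buildPolicyHeaders();
console.log(evaluateScan(200, SAMPLE_CLEAN, strict));
console.log(evaluateScan(200, SAMPLE_SCRIPT, strict));
console.log(evaluateScan(200, SAMPLE_HTML, buildPolicyHeaders({ allowHtml: true })));
console.log(evaluateScan(502, "", strict));
```

An API key set from browser code is readable by every visitor, so these functions fit equally well in a server-side handler that holds the key and forwards the upload.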