How to Check File Uploads for Macros using JavaScript

Allowing file uploads containing macros into your system is a risky business. If a document contains malicious macros, all it takes is for a downstream user to open & enable the macro for a full-blown malware attack to occur.

Using the below code, you can elect to allow or disallow macros in your upload process while simultaneously scanning files for millions of virus and malware signatures. Setting the “allowMacros” parameter to “false” will return a “CleanResult: False” response for documents with Macros built-in, making it easy to remove those files from your upload process.

You can copy from the JavaScript examples below to structure your API call, and you can then authenticate your request with a free-tier API key (this allows up to 800 API calls per month):

var data = new FormData();
data.append("inputFile", fileInput.files[0], "file");
 
var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function() {
     if(this.readyState === 4) {
          console.log(this.responseText);
     }
});

xhr.open("POST", "https://api.cloudmersive.com/virus/scan/file/advanced");
xhr.setRequestHeader("allowExecutables", "<boolean>");
xhr.setRequestHeader("allowInvalidFiles", "<boolean>");
xhr.setRequestHeader("allowScripts", "<boolean>");
xhr.setRequestHeader("allowPasswordProtectedFiles", "<boolean>");
xhr.setRequestHeader("allowMacros", "<boolean>");
xhr.setRequestHeader("allowXmlExternalEntities", "<boolean>");
xhr.setRequestHeader("allowInsecureDeserialization", "<boolean>");
xhr.setRequestHeader("allowHtml", "<boolean>");
xhr.setRequestHeader("restrictFileTypes", "<string>");

xhr.setRequestHeader("Apikey", "YOUR-API-KEY-HERE");

xhr.send(data);

Now you can customize threat rules and protect your file upload process from a variety of virus, malware and hidden content threats.