How to Identify Invalid File Upload Threats in JavaScript

Cloudmersive
2 min read · Jun 22, 2023

Validating document uploads is a necessity for any application. Invalid documents cause lots of problems, and they’re also a common attack vector exploited by threat actors. Using the code below, you can call an API that identifies invalid documents and scans files for millions of virus and malware threats in a single request. With the “allowInvalidFiles” parameter set to “False”, an invalid file produces a “CleanResult: False” value in the API response body, making it easy to remove dangerous and misleading files from your file upload process.

You can structure your API call by copying the ready-to-run code below (it uses an XMLHttpRequest):

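// The file chosen by the user; assumes the page has a single <input type="file"> element.
var fileInput = document.querySelector('input[type="file"]');

var data = new FormData();
data.append("inputFile", fileInput.files[0], "file");

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

// readyState 4 means the request has completed; responseText holds the scan result.
xhr.addEventListener("readystatechange", function() {
  if (this.readyState === 4) {
    console.log(this.responseText);
  }
});

xhr.open("POST", "https://api.cloudmersive.com/virus/scan/file/advanced");
// Replace each <boolean> placeholder with "true" or "false".
// allowInvalidFiles set to false is the setting that flags invalid documents.
xhr.setRequestHeader("allowExecutables", "<boolean>");
xhr.setRequestHeader("allowInvalidFiles", "<boolean>");
xhr.setRequestHeader("allowScripts", "<boolean>");
xhr.setRequestHeader("allowPasswordProtectedFiles", "<boolean>");
xhr.setRequestHeader("allowMacros", "<boolean>");
xhr.setRequestHeader("allowXmlExternalEntities", "<boolean>");
xhr.setRequestHeader("allowInsecureDeserialization", "<boolean>");
xhr.setRequestHeader("allowHtml", "<boolean>");
xhr.setRequestHeader("restrictFileTypes", "<string>");

// Any key placed in browser-side code is readable by every visitor to the page.
xhr.setRequestHeader("Apikey", "YOUR-API-KEY-HERE");

xhr.send(data);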
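
The snippet above only logs the response. As an added example (not Cloudmersive's code), the function below turns that response into an accept/reject decision that fails closed. Only CleanResult comes from this article; the Contains* flags and the FoundViruses field are assumed from Cloudmersive's response schema, and the sample bodies are constructed.

```javascript
// Added example: fail-closed handling of the scan response.
// Only CleanResult appears in the article; the Contains* flags and
// FoundViruses are assumed field names from the API's response schema.
var REASON_FLAGS = {
  ContainsInvalidFile: "invalid file",
  ContainsExecutable: "executable content",
  ContainsScript: "script content",
  ContainsMacros: "macros"
};

// Returns { accept: boolean, reasons: string[] } for one completed request.
function evaluateScanResponse(status, responseText) {
  if (status !== 200) {
    return { accept: false, reasons: ["scan request failed (HTTP " + status + ")"] };
  }
  var result;
  try {
    result = JSON.parse(responseText);
  } catch (e) {
    return { accept: false, reasons: ["unparseable scan response"] };
  }
  if (result === null || typeof result !== "object") {
    return { accept: false, reasons: ["unparseable scan response"] };
  }
  // Strict comparison: a missing field or the string "true" is not a pass.
  if (result.CleanResult === true) {
    return { accept: true, reasons: [] };
  }
  var reasons = Object.keys(REASON_FLAGS)
    .filter(function (flag) { return result[flag] === true; })
    .map(function (flag) { return REASON_FLAGS[flag]; });
  (Array.isArray(result.FoundViruses) ? result.FoundViruses : []).forEach(function (v) {
    reasons.push("virus: " + String(v && v.VirusName));
  });
  if (reasons.length === 0) reasons.push("CleanResult was not true");
  return { accept: false, reasons: reasons };
}

// Constructed sample bodies (not captured from the API).
var SAMPLE_CLEAN = '{"CleanResult":true,"ContainsInvalidFile":false}';
var SAMPLE_INVALID = '{"CleanResult":false,"ContainsInvalidFile":true,"FoundViruses":null}';

console.log(evaluateScanResponse(200, SAMPLE_CLEAN));
console.log(evaluateScanResponse(200, SAMPLE_INVALID));
console.log(evaluateScanResponse(503, ""));
```

Inside the readystatechange handler, call it as evaluateScanResponse(this.status, this.responseText). A browser-side check can be skipped by anyone who posts to your upload endpoint directly, so repeat the decision on the server before storing the file.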

You can authenticate your request for free (with a limit of 800 API calls per month & no commitment) with a free-tier Cloudmersive API key. That’s all there is to it — now you have a quick & easy solution to protect your web applications from a variety of file upload threats.
