Specify a MIME Type for Blob Objects in Lightning Web Security

Lightning Web Security (LWS) requires you to set the MIME type when you create Blob objects. LWS permits some MIME types, sanitizes some MIME types, and blocks the rest.

Set the MIME type explicitly when you create a Blob object.

If you don’t set the type, the object isn’t created with the expected content.

LWS allows these MIME types, the same as Lightning Locker.

  • application/octet-stream — Default value for binary files
  • application/json — JSON format
  • application/pdf — Portable Document Format (.pdf)
  • video/ — All video/* mime types
  • audio/ — All audio/* mime types
  • image/ — All image/* mime types
  • font/ — All font/* mime types
  • text/plain — Text (.txt)
  • text/markdown — Markdown (.md)
  • application/zip — Zip archive (.zip)
  • application/x-bzip — Bzip archive (.bz)
  • application/x-rar-compressed — RAR archive (.rar)
  • application/x-tar — Tape archive (.tar)

LWS sanitizes text/html, image/svg+xml, and text/xml MIME types. These types are permitted but LWS removes potentially malicious code.

Any other types are blocked with the error message Unsupported MIME type.

To send binary files that aren’t explicitly permitted, specify the MIME type as application/octet-stream.