MIME Types Permitted

Lightning Locker analyzes the MIME types used in Blob objects. Locker permits some MIME types, sanitizes some MIME types, and blocks the rest.

Lightning Locker allows these MIME types.

  • application/octet-stream — Default value for binary files
  • application/json — JSON format
  • application/pdf — Portable Document Format (.pdf)
  • video/ — All video/* mime types
  • audio/ — All audio/* mime types
  • image/ — All image/* mime types
  • font/ — All font/* mime types
  • text/plain — Text (.txt)
  • text/markdown — Markdown (.md)
  • application/zip — Zip archive (.zip)
  • application/x-bzip — Bzip archive (.bz)
  • application/x-rar-compressed — RAR archive (.rar)
  • application/x-tar — Tape archive (.tar)

Locker sanitizes text/html, image/svg+xml, and text/xml MIME types. These types are permitted but Locker removes potentially malicious code.

Any other types are blocked with the error message Unsupported MIME type.

To send binary files that are not explicitly permitted, specify the MIME type as application/octet-stream.

Lightning Web Security (LWS) requires you to specify the MIME type. See Specify a MIME Type for Blob Objects in LWS.