MIME Types Permitted
Lightning Locker analyzes the MIME types used in Blob objects. Locker permits some MIME types, sanitizes some MIME types, and blocks the rest.
Lightning Locker allows these MIME types.
application/octet-stream
— Default value for binary filesapplication/json
— JSON formatapplication/pdf
— Portable Document Format (.pdf)video/
— Allvideo/*
mime typesaudio/
— Allaudio/*
mime typesimage/
— Allimage/*
mime typesfont/
— Allfont/*
mime typestext/plain
— Text (.txt)text/markdown
— Markdown (.md)application/zip
— Zip archive (.zip)application/x-bzip
— Bzip archive (.bz)application/x-rar-compressed
— RAR archive (.rar)application/x-tar
— Tape archive (.tar)
Locker sanitizes text/html
, image/svg+xml
, and text/xml
MIME types. These types are permitted but Locker removes potentially malicious code.
Any other types are blocked with the error message Unsupported MIME type
.
To send binary files that are not explicitly permitted, specify the MIME type as application/octet-stream
.
Lightning Web Security (LWS) requires you to specify the MIME type. See Specify a MIME Type for Blob Objects in LWS.