Configure File Upload and Download Security Settings
|Knowledge Article Number||000193434|
|Description||For security reasons, your organization may want to configure the way some file types are handled during upload and download.|
|Resolution||This feature is available in All Editions except Database.com
To manage file upload and download settings:
1. Click Setup | Click Security Controls | File Upload and Download Security.
Note: The File Upload and Download Security page replaces another security settings page: HTML Documents
and Attachments Settings.
2. Click Edit.
3. To prevent users from uploading files that may pose a security risk, select Don't allow HTML uploads as attachment or document records. This security setting, if enabled, blocks users from uploading files with these extensions: .html, .htt, .mht, .svg, and .thtml.
Warning: Keep the following in mind when selecting Don't allow HTML uploads as attachment or document records:
• Do not enable this setting if your organization uses the partner portal to give your partner users access to Salesforce.
• HTML attachments are not permitted on solutions, regardless of whether this security setting is enabled. In addition, this setting does not affect attachments on email templates; HTML attachments on email templates are always permitted.
• After this setting is enabled, previously-uploaded HTML documents and attachments are unaffected. However, when users attempt to view an HTML attachment or document, their browser first prompts them to open the file in the browser, save it to their computer, or cancel the action.
4. Set download behavior for each file type.
• Download (recommended)—The file, regardless of file type, is always downloaded.
• Execute in Browser—The file is displayed and executed automatically when accessed in a browser or through an HTTP request.
• Hybrid—Attachments and document records execute in the browser. Salesforce CRM Content files and Chatter files are downloaded.
File types are defined by MIME types. This table specifies the file extensions associated with each MIME type:
5. Click Save.
The following file are now downloaded by default:
Administrators can Configure File Upload and Download Security Settings to change the default behavior.