Files with these MIME types will never be allowed as uploads if $wgVerifyMimeType is enabled.
This configuration parameter was previously called $wgMimeTypeBlacklist .
MediaWiki version:≥ 1.41
$wgMimeTypeExclusions = [ # HTML may contain cookie-stealing JavaScript and web bugs 'text/html', # Similarly with JavaScript itself 'application/javascript', 'text/javascript', 'text/x-javascript', 'application/x-shellscript', # PHP scripts may execute arbitrary code on the server 'application/x-php', 'text/x-php', # Other types that may be interpreted by some servers 'text/x-python', 'text/x-perl', 'text/x-bash', 'text/x-sh', 'text/x-csh', # Client-side hazards on Internet Explorer 'text/scriptlet', 'application/x-msdownload', # Windows metafile, client-side vulnerability on some systems 'application/x-msmetafile', # Files that look like java files 'application/java', # XML files generally - T341565 'application/xml', 'text/xml', ];MediaWiki versions:
1.39 – 1.40
$wgMimeTypeExclusions = [ # HTML may contain cookie-stealing JavaScript and web bugs 'text/html', # Similarly with JavaScript itself 'application/javascript', 'text/javascript', 'text/x-javascript', 'application/x-shellscript', # PHP scripts may execute arbitrary code on the server 'application/x-php', 'text/x-php', # Other types that may be interpreted by some servers 'text/x-python', 'text/x-perl', 'text/x-bash', 'text/x-sh', 'text/x-csh', # Client-side hazards on Internet Explorer 'text/scriptlet', 'application/x-msdownload', # Windows metafile, client-side vulnerability on some systems 'application/x-msmetafile', # Java applets are no longer supported by browsers and may contain cookie-stealing code, similarly to JavaScript 'application/java' ];MediaWiki versions:
1.37 – 1.38
$wgMimeTypeExclusions = [ # HTML may contain cookie-stealing JavaScript and web bugs 'text/html', # Similarly with JavaScript itself 'application/javascript', 'text/javascript', 'text/x-javascript', 'application/x-shellscript', # PHP scripts may execute arbitrary code on the server 'application/x-php', 'text/x-php', # Other types that may be interpreted by some servers 'text/x-python', 'text/x-perl', 'text/x-bash', 'text/x-sh', 'text/x-csh', # Client-side hazards on Internet Explorer 'text/scriptlet', 'application/x-msdownload', # Windows metafile, client-side vulnerability on some systems 'application/x-msmetafile', ];
If you wanted to allow HTML files to be uploaded:
$wgFileExtensions[] = 'html'; $wgProhibitedFileExtensions = array_diff( $wgProhibitedFileExtensions, [ 'html' ] ); $wgMimeTypeExclusions = array_diff( $wgMimeTypeExclusions, [ 'text/html' ] );
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4