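File Upload Security and Web Protection Best Practices

Overview

Double validation of file type, isolated storage and content sanitization significantly reduce the risk of arbitrary file execution, stored XSS and malicious script delivery.

Security baseline

- Limit size and rate: `maxSize` and an upload rate threshold
- Double validation of type and extension: `Content-Type` must be consistent with the whitelisted extension
- Isolated, non-executable storage: separate domain, no script execution, directory indexing disabled
- Virus scanning and image safety: scanning at the front of the processing chain, plus pixel-level re-encoding

Type and extension validation

type UploadPolicy = {
  maxSize: number        // upper bound on file size, in bytes
  allowedExt: string[]   // lowercase extensions without the dot
  allowedMime: string[]  // lowercase Content-Type values
}

function validateUpload(name: string, mime: string, size: number, policy: UploadPolicy): boolean {
  // Reject empty and oversized files
  if (size <= 0 || size > policy.maxSize) return false
  // Only the last suffix is considered; a name without a dot yields the whole name
  const ext = name.split('.').pop()?.toLowerCase() || ''
  if (!policy.allowedExt.includes(ext)) return false
  // The declared Content-Type must also be on the whitelist
  if (!policy.allowedMime.includes(mime.toLowerCase())) return false
  return true
}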
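The baseline asks for the extension and `Content-Type` to agree, but both values are supplied by the client. The following added example (not code from the original page) goes one step beyond `validateUpload` by also sniffing the file's leading bytes and requiring all three to name the same type. `TypeRule`, `RULES`, `sniffType` and `checkConsistency` are hypothetical names, and the signature table covers only four formats.

```typescript
// Added example: all names here are hypothetical, not part of the original page.
type TypeRule = { mime: string; exts: string[]; magic: number[] }

// Leading-byte signatures for a small image/PDF whitelist.
const RULES: TypeRule[] = [
  { mime: 'image/png', exts: ['png'], magic: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a] },
  { mime: 'image/jpeg', exts: ['jpg', 'jpeg'], magic: [0xff, 0xd8, 0xff] },
  { mime: 'image/gif', exts: ['gif'], magic: [0x47, 0x49, 0x46, 0x38] },
  { mime: 'application/pdf', exts: ['pdf'], magic: [0x25, 0x50, 0x44, 0x46, 0x2d] },
]

// Return the rule whose signature matches the first bytes of the file, or null.
function sniffType(head: Uint8Array): TypeRule | null {
  for (const rule of RULES) {
    if (head.length >= rule.magic.length && rule.magic.every((b, i) => head[i] === b)) {
      return rule
    }
  }
  return null
}

type Verdict = { ok: boolean; reason: string }

// Accept only when extension, declared Content-Type and sniffed content
// all name the same whitelisted type.
function checkConsistency(name: string, declaredMime: string, head: Uint8Array): Verdict {
  const ext = name.toLowerCase().split('.').pop() ?? ''
  // Drop parameters such as "; charset=..." before comparing.
  const mime = (declaredMime.split(';')[0] ?? '').trim().toLowerCase()
  const sniffed = sniffType(head)
  if (!sniffed) return { ok: false, reason: 'unknown-content' }
  if (sniffed.mime !== mime) return { ok: false, reason: 'mime-mismatch' }
  if (sniffed.exts.indexOf(ext) === -1) return { ok: false, reason: 'ext-mismatch' }
  return { ok: true, reason: 'consistent' }
}

// Constructed sample inputs: a PNG signature plus filler, and the bytes of "<html>".
const pngHead = new Uint8Array([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0, 0, 0, 13])
const htmlHead = new Uint8Array([0x3c, 0x68, 0x74, 0x6d, 0x6c, 0x3e])

console.log(checkConsistency('photo.png', 'image/png', pngHead))
console.log(checkConsistency('photo.png', 'image/png', htmlHead))
```

A signature match only shows how the file starts, so this check complements the scanning and re-encoding steps rather than replacing them.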

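Isolation and signed access

import { createHmac } from 'node:crypto'

function buildIsolatedPath(uid: string, ext: string): string {
  // Keep only alphanumerics so the id cannot contain path separators or dots
  const id = uid.replace(/[^a-zA-Z0-9]/g, '').slice(0, 32)
  // ext must be a value that already passed the extension whitelist
  return `/objects/${id.slice(0, 2)}/${id}.${ext}`
}

function signUrl(url: string, secret: string, ttlMs: number): string {
  // Expiry timestamp in milliseconds since the epoch
  const exp = Date.now() + ttlMs
  // crypto.subtle has no synchronous digest; use Node's crypto module and
  // key the signature with HMAC-SHA-256 instead of hashing the secret into the message
  const s = createHmac('sha256', secret).update(`${url}.${exp}`).digest('hex')
  return `${url}?exp=${exp}&sig=${s}`
}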

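Secure image processing

// decodeImage, drawPixels and encodeImage stand for the helpers of the image
// library in use; they are not defined on this page.
async function safeImageReencode(input: ArrayBuffer): Promise<ArrayBuffer> {
  // Decode to raw pixels, redraw them, and encode a fresh file so that
  // nothing from the original container carries over
  const img = await decodeImage(input)
  const canvas = drawPixels(img)
  return await encodeImage(canvas, { format: 'png', quality: 0.9 })
}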

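Operations and auditing

- Serve uploads from a dedicated static domain with a strict CSP and JavaScript execution disabled
- Access storage through short-lived signed URLs and least-privilege credentials
- Record the upload IP, fingerprint, hash and scan result for traceability

In general web scenarios, the process above provides low-cost, high-return upload security protection.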
