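# File Upload Security and Web Protection Best Practices

## Overview

Validating both type and extension, storing uploads in isolation, and sanitizing content can significantly reduce the risk of arbitrary file execution, stored XSS, and malicious script delivery.

## Security Baseline

- Limit size and rate: `maxSize` and an upload rate threshold
- Validate both type and extension: `Content-Type` must agree with an allowlisted extension
- Isolated, non-executable storage: dedicated domain, no script execution, directory indexing disabled
- Virus scanning and image safety: scan at the front of the processing chain and re-encode images at the pixel level

## Type and Extension Validation

```typescript
type UploadPolicy = {
  maxSize: number
  allowedExt: string[]
  allowedMime: string[]
}

function validateUpload(name: string, mime: string, size: number, policy: UploadPolicy): boolean {
  // Reject empty and oversized uploads.
  if (size <= 0 || size > policy.maxSize) return false
  // Take the text after the last dot; a name with no dot has no extension.
  const dot = name.lastIndexOf('.')
  const ext = dot > 0 ? name.slice(dot + 1).toLowerCase() : ''
  if (!policy.allowedExt.includes(ext)) return false
  // The declared Content-Type must also be on the allowlist.
  if (!policy.allowedMime.includes(mime.toLowerCase())) return false
  return true
}
```

## Isolation and Signed Access

```typescript
import { createHmac } from 'node:crypto'

function buildIsolatedPath(uid: string, ext: string): string {
  // Keep only alphanumerics so the id cannot carry path separators or dots.
  const id = uid.replace(/[^a-zA-Z0-9]/g, '').slice(0, 32)
  if (!id) throw new Error('empty object id')
  // ext must be the extension already accepted by validateUpload.
  return `/objects/${id.slice(0, 2)}/${id}.${ext}`
}

function signUrl(url: string, secret: string, ttlMs: number): string {
  const exp = Date.now() + ttlMs
  // HMAC-SHA-256 over the URL and expiry; the secret is the key, never part of the message.
  const s = createHmac('sha256', secret).update(`${url}.${exp}`).digest('hex')
  return `${url}?exp=${exp}&sig=${s}`
}
```

## Safe Image Processing

```typescript
// decodeImage, drawPixels and encodeImage come from the image library in use;
// the page does not define them.
async function safeImageReencode(input: ArrayBuffer): Promise<ArrayBuffer> {
  // Decode to raw pixels, redraw them, and encode a fresh file so that
  // nothing from the original container is carried over.
  const img = await decodeImage(input)
  const canvas = drawPixels(img)
  return await encodeImage(canvas, { format: 'png', quality: 0.9 })
}
```

## Operations and Auditing

- Enable a strict CSP and disable JavaScript execution on the dedicated static domain
- Access storage with short-lived signed URLs and least-privilege credentials
- Record the upload IP, fingerprint, hash, and scan result for traceability

In general web scenarios, the process above provides upload protection at low cost and high return.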
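The page shows only the signing half of the short-lived signed URL; the check the storage front end has to run on every request looks like this. It is an added example, not code from the original page, and it assumes the signature is HMAC-SHA-256 over `<path>.<exp>`; `hmacHex`, `signPath`, `verifySignedPath`, the `now` parameter and the sample values are hypothetical names introduced here.

```typescript
import { createHmac, timingSafeEqual } from 'node:crypto'

// Hypothetical helper: HMAC-SHA-256 over "<path>.<exp>", hex-encoded.
function hmacHex(path: string, exp: number, secret: string): string {
  return createHmac('sha256', secret).update(`${path}.${exp}`).digest('hex')
}

// Signing side (assumed scheme); `now` is injectable so the check is testable.
function signPath(path: string, secret: string, ttlMs: number, now = Date.now()): string {
  const exp = now + ttlMs
  return `${path}?exp=${exp}&sig=${hmacHex(path, exp, secret)}`
}

type Verdict = 'ok' | 'malformed' | 'expired' | 'bad-signature'

// Verification side: runs in front of the object store on every request.
function verifySignedPath(signed: string, secret: string, now = Date.now()): Verdict {
  const q = signed.indexOf('?')
  if (q < 0) return 'malformed'
  const path = signed.slice(0, q)
  const params = new URLSearchParams(signed.slice(q + 1))
  const expRaw = params.get('exp') ?? ''
  const sig = params.get('sig') ?? ''
  // Strict formats: decimal timestamp and 64 lowercase hex characters.
  if (!/^\d{1,15}$/.test(expRaw) || !/^[0-9a-f]{64}$/.test(sig)) return 'malformed'
  const exp = Number(expRaw)
  // Check the MAC before trusting exp, so an edited exp cannot extend a link.
  const expected = Buffer.from(hmacHex(path, exp, secret), 'hex')
  const given = Buffer.from(sig, 'hex')
  // Both buffers are 32 bytes here, as timingSafeEqual requires.
  if (!timingSafeEqual(expected, given)) return 'bad-signature'
  if (now > exp) return 'expired'
  return 'ok'
}

// Constructed sample values, not from the original page.
const SECRET = 'example-secret-not-for-production'
const T0 = 1_700_000_000_000
const link = signPath('/objects/ab/abc123.png', SECRET, 60_000, T0)
console.log(verifySignedPath(link, SECRET, T0 + 1_000))
console.log(verifySignedPath(link, SECRET, T0 + 61_000))
console.log(verifySignedPath(link.replace('abc123', 'abc124'), SECRET, T0 + 1_000))
```

Because the expiry is covered by the MAC, editing `exp` in the query string invalidates the link instead of extending it.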
