I'm doing a form to collect user data in a web application, in which you can add an avatar through a input file . This I have limited to accept only files with extensions corresponding to images but my doubt lies in that I can create a file with script and give an extension .jpg for example and of course with this my application swallows.
I can analyze the image
const reader = new FileReader();
reader.onload = (event: any) => {
console.log(event);
this.avatarUrl = event.target.result;
console.log(this.avatarUrl);
};
reader.readAsDataURL(this.avatarSelected);
but when analyzing it I can not find anything to attack to differentiate real images of scripts hidden.
Graciñas in advance for the answers.