The list looks pretty extensive…
// Define an initial allowed extensions array
$allowlist_tumult_hype_animations = array(
'images' => array(
'jpg',
'jpeg',
'png',
'gif',
'bmp',
'apng',
'heic',
'heif',
'ico',
'svg',
'svgz',
'tif',
'tiff',
'webp',
'webm',
'psd',
'htc', // for ie compatibility
'pie', // for ie compatibility
),
'audio' => array(
'mp3',
'wav',
'aif',
'ogg',
'aac',
'mid',
'midi',
'oga',
'opus',
'weba',
'flac',
'aiff',
),
'video' => array(
'mp4',
'avi',
'mov',
'3g2',
'3gp',
'ogv',
'mpg',
'm4a',
'm4v',
'm4p',
'mpeg',
'hevc',
'm3u8',
'mpkg',
'mkv',
'wmv',
'flv',
'wma',
),
'fonts' => array(
'ttf',
'otf',
'woff',
'woff2',
'eot',
'ttc',
),
'documents' => array(
'doc',
'docx',
'pdf',
'txt',
'rtf',
'rtx',
'csv',
'srt',
'vtt',
'xls',
'xlsx',
'ods',
'odt',
'ppt',
'pptx',
'epub',
'odp',
'key',
'xhtml',
'usdz',
),
'scripts' => array(
'js',
'map', // source map
'mjs',
'json',
'jsonld',
),
'stylesheets' => array(
'css',
'sass',
'scss',
'less',
'stylus',
),
'other' => array(
'html',
'htm',
'plist', // recoverable Tumult Hype plist file
'xml',
'yaml',
'ics',
'vsd',
'pps',
'ppsx',
),
);
I was wondering if “svg” would be considered a safe file. That might be considered a problem because it could include JavaScript… but since this is Hype land, “js” is already there.
I was thinking usdz, but that's in the “documents”.
Here are just some ideas for discussion…
- Apple extensions… .numbers, .pages, .key
- .htaccess… usage seems unlikely and might actually be a security risk
- swf… ha ha, since IE related files are there already
I don't really need those. It's just for discussion.
Also, here's a nice page about a list of web extensions… Common MIME types - HTTP | MDN …but it looks like you got the good ones already.