How to Configure File Upload and Download Security Settings in Salesforce
To provide more security, control the way some file types are handled during upload and download.
To manage file upload and download settings:
- From Setup, enter File Upload and Download Security in the Quick Find box, then select File Upload and Download Security.
- Click Edit.
- To prevent users from uploading files that can pose a security risk, select Don’t allow HTML uploads as attachments or document records.
This setting blocks the upload of these MIME file types: .html
, and .xhtml
.(If your organization uses the partner portal to give your partner users access to Salesforce, we don’t recommend enabling this setting.)
- Set download behavior for each file type:
- Download (recommended): The file, regardless of file type, is always downloaded.
- Execute in Browser: The file, regardless of file type, is displayed and executed automatically when accessed in a browser or through an HTTP request.
- Hybrid: Salesforce Files are downloaded. Attachments and documents execute in the browser.
- Click Save.
This blog information is very useful to learn about File upload and download security settings in Salesforce.