File Upload and Download Security Settings

File Upload and Download Security Settings

Last Updated on March 22, 2022 by Rakesh Gupta

Salesforce allows us to upload various types of Documents. You can upload these documents  as an Attachment or in the Document’s section. Salesforce offers File storage for each edition. It includes files in attachments,  Document‘s tab, File‘s tab, File field, Salesforce CRM Content, Chatter (including user photos), and assets. For security reasons, you may configure the way some file types (like HTML) are handled during upload and download for your organization.

HTML Documents and Attachments Settings

Once you enable the setting, it doesn’t allow users to upload HTML files to the Document object or as an attachment. If you enable this feature users cannot upload following file extensions as a Document or an attachment; htm, html, htt, mhtm, mhtml, shtm, shtml, svg.

To enable this feature you can follow the below instructions

  1. Navigate on Setup | Security | File Upload and Download Security.
  2. Select Don’t allow HTML uploads as attachments or document records checkbox.
  3. Now, If some user will try to upload HTML file they will get an error, like below image

File Upload and Download Security

File Upload and Download Security provides you a way to control file upload and download settings. This feature is available in Developer, Performance, Enterprise, Professional, Contact Manager, Group , Unlimited editions except  

Configure File Upload and Download Security for your organization

To Configure this feature for your organization follow the below instructions

  1. Navigate on Setup | Security | File Upload and Download Security.
  2. Click on Edit.
  3. Now you can set download behavior for each File Type.
    1. Downloaded  (recommended) :- The file is always downloaded.
    2. Execute in browser:- The file is displayed and executed automatically when accessed in a browser or through an HTTP request.
    3. Hybrid:- Attachments and document records execute in the browser. Salesforce CRM Content files and Chatter files  are downloaded.
  4. Click Save.

Points to Remember

  1. This security setting, if enabled, blocks users from uploading files with these extensions: .html, .htt, .mht, .svg, and .thtml.
  2. Do not enable this setting if your organization uses the partner portalto give your partner users access to
  3. This setting does not affect attachments on email templates; HTML attachments on email templates are always permitted.
  4. After this setting is enabled, previously-uploaded HTML documents and attachments are unaffected. However, when users attempt to view an HTML attachment or document, their browser first prompts them to open the file in the browser, save it to their computer, or cancel the action.

Formative Assessment:

I want to hear from you!

What is one thing you learned from this post? How do you envision applying this new knowledge in the real world? Feel free to share in the comments below.

Have feedback, suggestions for posts, or need more information about Salesforce online training offered by me? Say hello, and leave a message!

Preferred Timing(required)

2 thoughts on “File Upload and Download Security Settings

  1. I got this site from my buddy who told me regarding this website and now this time I am browsing this web site and reading very informative articles or reviews at this time.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.