Drag and drop bypasses accepted file type restrictions in File Upload component #1652
Description
I'm implementing file type restrictions using the Accepted Formats property in the File Upload component configuration in Screen Flow to allow only specific file types.
While the file picker correctly filters and only displays the allowed file types when I click to upload, I’ve noticed that I can still drag and drop files of unsupported types, and the component accepts them without any error or validation.*
Security Concern:
This issue was flagged during a penetration testing audit, which revealed that the current implementation allows users to bypass file type restrictions and potentially upload harmful or malicious files. This poses a significant security risk, especially in environments with strict compliance requirements.