happyume

Securing Attachment Control in Power Apps: Validating Allowed File Types

Allowing users to upload any file type poses significant security risks. Malicious files, like .exe files, can execute harmful code, steal sensitive information, or damage systems. By restricting file uploads to specific, safe types (e.g., .pdf, .docx, .jpg), you can mitigate these risks and protect your application and data. In this blog post, we'll walk through a solution to validate file types in Power Apps' attachment control, ensuring only allowed extensions are uploaded.

 

Defining allowed file types:

We will create a table that defines allowed file types. This will allow our application to be scalable in case the business requirement changes. Defining allowed file types ensures compliance with security policies and protects against malicious uploads.

 

AllowedExtensions: [".pdf",".docx"]

 

 

Validate the File Extension

Under the OnAddFile property of your attachment control, add the formula below:

 

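With(
    {
        // Allow list of extensions; edit this table when requirements change
        AllowedExtensions: [
            ".pdf",
            ".docx"
        ],
        // Name of the most recently added file, lowercased so the
        // comparison below is case-insensitive
        FileName: Lower(Last(Self.Attachments).Name)
    },
    If(
        // Zero matches means the name ends with none of the allowed extensions
        CountIf(
            AllowedExtensions,
            EndsWith(
                FileName,
                ThisRecord.Value
            )
        ) = 0,
        // Tell the user which file was rejected and what is allowed
        Notify(
            FileName & " is not allowed. Only " & Concat(
                AllowedExtensions,
                Value,
                ", "
            ) & " is allowed",
            NotificationType.Error
        )
    )
)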

 

 

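This formula checks whether the most recently added file has an allowed extension; the name is lowercased first, so the comparison is case-insensitive. If the extension is not on the list, it notifies the user with a customizable error message. The formula only notifies: the file stays in the control until a post-validation step deals with it.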

 

Final steps

Customize the error message and the allowed extensions, and adjust the post-validation steps to fit your application's design theme and specific requirements. Test thoroughly to ensure the validation effectively restricts disallowed file types.
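
One way to handle the post-validation step, as an added example rather than code from the original post: because the OnAddFile formula only shows a notification, the submit button can re-check every attached file and stay disabled while any of them fails the allow list. The control name AttachmentControl1 and the presence of a submit button are assumptions; the formula goes in that button's DisplayMode property.

```powerfx
// Added example. Assumption: the attachment control is named
// AttachmentControl1 (hypothetical name; use your own control's name).
// Place this in the DisplayMode property of the submit button.
With(
    {
        // Same allow list as in the OnAddFile formula
        AllowedExtensions: [
            ".pdf",
            ".docx"
        ]
    },
    If(
        // Count attached files whose lowercased name ends with none of the
        // allowed extensions. "As" names each scope, because the attachments
        // table and the extension table both have a column called Value.
        CountIf(
            AttachmentControl1.Attachments As File,
            CountIf(
                AllowedExtensions As Ext,
                EndsWith(
                    Lower(File.Name),
                    Ext.Value
                )
            ) = 0
        ) > 0,
        // At least one disallowed file is still attached: block submission
        DisplayMode.Disabled,
        // Every attached file (or none at all) passes the check
        DisplayMode.Edit
    )
)
```

Like the OnAddFile formula, this check runs in the app and looks only at the file name, not at the file's contents.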

 

Comments

Thanks for sharing this! This is a solid approach for maintaining the safety and reliability of Power Apps.