Allowed Extensions
editor.import.extensionsrequires Release 2.8.0 or above.
Configure the file extensions allowed for import and upload.
Import
// Pre-2.18.0 default
'editor.import.extensions': ['docx', 'doc', 'hwp', 'hml', 'html', 'htm', 'txt', 'xls', 'xlsx', 'odt']
// 2.18.0+ default
'editor.import.extensions': ['docx', 'doc', 'hwp', 'hwpx', 'hml', 'html', 'htm', 'txt', 'xls', 'xlsx', 'odt']
// 3.0.0+ default
'editor.import.extensions': ['docx', 'doc', 'hwp', 'hwpx', 'hml', 'html', 'htm', 'txt', 'xls', 'xlsx', 'odt', 'ppt', 'pptx']
// Example
'editor.import.extensions': ['docx', 'hwpx', 'xlsx', 'pptx']
Image Upload
// default
'editor.upload.image.extensions': ['jpg', 'gif', 'png', 'jpeg']
// example
'editor.upload.image.extensions': ['jpg', 'png']
Video Upload
// default
'editor.upload.video.extensions': ['mp4', 'ogg', 'webm']
// example
'editor.upload.video.extensions': ['mp4']
Generic File Upload
Security note
- Document formats (
doc,docx,ppt,pptx,xls,xlsx,rtf,odt,ods,odp,hwp,hwpx, etc.) — may contain macros / scripts. Prefer import-only.- Markup / styling (
xml,css,svg,textile,html) — XSS / script injection risk.- Executable / embedded (
swf,eof) — may be directly executable or unsafe.
// Pre-3.2.2509 default (extensive list)
'editor.upload.file.extensions': [
'bmp', 'css', 'csv', 'diff', 'doc',
'docx', 'eof', 'gif', 'jpeg', 'jpg',
'json', 'mp3', 'mp4', 'm4a', 'odp',
'ods', 'odt', 'ogg', 'otf', 'patch',
'pdf', 'png', 'ppt', 'pptx', 'rtf',
'svg', 'swf', 'textile', 'tif', 'tiff',
'ttf', 'txt', 'wav', 'webm', 'woff',
'xls', 'xlsx', 'xml', 'md', 'vtt',
'hwp', 'hml', 'html'
]
// 3.2.2509 / 2.20.2509+ default (restricted, safer)
'editor.upload.file.extensions': [
'bmp', 'gif', 'jpeg', 'jpg', 'png', 'tif', 'tiff', 'webp',
'mp3', 'mp4', 'm4a', 'ogg', 'wav', 'webm',
'txt'
]