Sudipta Deb

Sudipta Deb

Founder of Technical Potpourri, Co-Founder of Shrey Tech, Enterprise Cloud Architect

Watch The Video Or Read The Article (or do Both)

Understand The Requirement

While working in Salesforce, we sometimes come up with the requirements where we need to build some sort of validation to restrict uploading files with specific extensions or in other words, allow only approved file types/extensions. This is very important because uploading executing or javascript code can bring potential security concerns by exposing internal data to outside world.

So allowing only certain type of files for upload is a very common requirement. In this blog post, I am sharing couple of solutions with pros and cons to implement this requirement.

Understand The Places From Where We Can Upload Files

We can upload files from these below different places in Salesforce.

  • Upload from any record’s Notes & Attachment related list.
  • Upload from Chatter notes.
  • Upload from Experience Cloud page.
  • Upload from Screen Flow using Salesforce’s Upload component.
  • Upload from any custom lightning web component.

Understand Solution For Each Of The Above Scenarios

  • When uploading from any record’s Notes & Attachment related list, you can create validation rule to restrict.
  • When uploading from Chatter note, you can create Apex Trigger to restrict.
  • When uploading from Experience Cloud pages, you can create Apex Trigger to restrict.
  • When uploading from Flow Screen, you can configure flow upload component to allow certain type of files only.
  • When uploading from custom built lightning web component, you can check the type of files inside your lightning web component code.

Solution Approach – I (Declarative Approach)

We can create a validation rule on Content Version Object to check for FileType and if the type of the file is not any of blocked file type, we can throw the error message. This solution is a very straight forward declarative implementation. The validation rule will look something like –

Even though this solution looks very straightforward, there are couple of limitations with this solution.

  • With this approach we can not modify the error message. The error message you mention in the validation rule will not appear, rather error message will always be like – Can’t upload Filename
  • The validation rule for ContentVersion object works on desktop browser, but does not work on experience site using mobile browser. Solution is to implement/use apex trigger against ContentVersion object. (Refer: this)

Solution Approach – II (Flow)

In this approach, when we will use the file upload component inside your screen flow, we need to configure to include allowed file types.  In the Accepted Formats field, enter a comma-separated list of the file extensions that users can upload.

Solution Approach – III (Apex – Programmatic)

In this approach, we can create the trigger on ContentVersion object or FeedItem object to check for the File Type (after context) and throw the error message. Before implementing this, it makes sense to understand the related objects quickly

Understand Related Objects

Three distinct objects—ContentVersion, ContentDocument, and ContentDocumentLink—underlie the Files data model. In the simplest terms imaginable, this is what they stand for:

  • In Salesforce, a single file is represented by the parent object of ContentVersion and ContentDocumentLink, which is ContentDocument.
  • All of the file’s versions, both historical and current, are represented by ContentVersion records.
  • ContentDocumentLink denotes the connection to the entities—users, groups, records, or libraries—with which the file is shared.

Trigger On ContentVersion Object

We can write the trigger on ContentVersion object as shown below. In this scenario, my trigger is allowing only certain type of files to be uploaded.

Trigger On FeedItem Object

If users are uploading documents from feed, we need to write trigger in FeedItem object to restrict or allow certain type of files. Sample code is shown below where I am allowing certain type of files to be uploaded.


I hope this post will help to choose solutions that fit bests for your requirement. If you have any question/feedback or if you have any other solution, please let me know in the comment section. Thank you and happy learning.


This article is not endorsed by Salesforce, Google, or any other company in any way. I shared my knowledge on this topic in this blog post. Please always refer to Official Documentation for the latest information.


  1. Tushar Shirsath

    Very INformative, coverl all the poins, thank you.

  2. Tushar Jain

    Very well written 👏


Submit a Comment

Your email address will not be published. Required fields are marked *