Is it okay to rely on MIME TYPE when verifying using JavaScript if the file uploaded is of audio, video or image type?
I know that from a security standpoint this is not safe. But I intend to use the JavaScript code for convenience, so just as a first pass. My goal is to avoid any false positives, i.e. it is fine if a malicious hacker manipulated the file to have the mime-types that I accept (because I will be doing a second pass on the server side), but I would want to prevent legal files being detected as problematic.
UPDATE
Prototype of a working solution http://jsfiddle.net/tankchintan/5EUjE/1/
It is OK so long as you are confirming the type on the server side.
Using it on the client will just be a convenience to the end user. How are you determining the mime type? If it is just on extension, then you may as well just check for a valid extension on the client side.
Update
It appears to be just mapping extensions to file types, as a png renamed as mp3 is mpeg/audio to the code.
So, ensure you validate the type on the server by checking the file's contents, not its extension.
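A content-based first pass of the kind this answer points to, as an added example that is not part of the original post: it compares the extension-derived type the browser reports with the file's leading bytes, and only flags a definite contradiction so that valid files are not rejected. The signature table is constructed and deliberately small, and the names `sniffSignature` and `firstPassCheck` are hypothetical.

```javascript
// Constructed, deliberately small signature table (not exhaustive).
// null = wildcard byte; kinds = top-level MIME types the container may carry.
const SIGNATURES = [
  { name: "png",  offset: 0, kinds: ["image"], bytes: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a] },
  { name: "jpeg", offset: 0, kinds: ["image"], bytes: [0xff, 0xd8, 0xff] },
  { name: "gif",  offset: 0, kinds: ["image"], bytes: [0x47, 0x49, 0x46, 0x38] },
  { name: "mp3 with ID3 tag", offset: 0, kinds: ["audio"], bytes: [0x49, 0x44, 0x33] },
  { name: "wav",  offset: 0, kinds: ["audio"],
    bytes: [0x52, 0x49, 0x46, 0x46, null, null, null, null, 0x57, 0x41, 0x56, 0x45] },
  { name: "mp4 family", offset: 4, kinds: ["audio", "video"], bytes: [0x66, 0x74, 0x79, 0x70] },
];

// head: Uint8Array with the first bytes of the file. In a browser:
//   const head = new Uint8Array(await file.slice(0, 16).arrayBuffer());
function sniffSignature(head) {
  for (const sig of SIGNATURES) {
    if (head.length < sig.offset + sig.bytes.length) continue;
    if (sig.bytes.every((b, i) => b === null || head[sig.offset + i] === b)) return sig;
  }
  return null;
}

// Returns "ok", "mismatch" or "unknown". Only "mismatch" should block the upload
// on the client; "unknown" goes to the server so valid files are not rejected.
function firstPassCheck(declaredType, head) {
  const declaredKind = String(declaredType || "").split("/")[0].toLowerCase();
  const sig = sniffSignature(head);
  if (sig === null) return "unknown";
  return sig.kinds.includes(declaredKind) ? "ok" : "mismatch";
}

// Constructed sample: a PNG header from a file renamed to .mp3, which the
// browser reports as audio/mpeg because of the extension.
const pngHead = new Uint8Array([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0, 0, 0, 0x0d]);
console.log(firstPassCheck("audio/mpeg", pngHead)); // "mismatch"
console.log(firstPassCheck("image/png", pngHead));  // "ok"
```

The same function can run unchanged on the server against the stored upload, where its result is the one that counts.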