Hi:

 

We have considered that property.

 

But the mimetype is sent by the client , It is not trust-able.

 

For example,

 

If we provide a mime type check property , and allow only all "image/*" .

 

A programmer use that property , and do not check the file extension,

 

Then the web application would be very danger , because :

 

If the client send a file , filename is  hack.aspx , but the header data is CONTENT-TYPE:image/jpg

 

The Uploader would accept it, and the hack.aspx would store at server side and may be executed.

 

 

Regards , Terry.