So, I’m having a real problem here and I don’t know how to solve it.
My Airtable base receives data from clients/users using, of course, the Airtable form. The problem is: you can’t limit or restrict what the user is sending as a attachment. (IMO that’s a HUGE flaw, not only because isn’t safe but also compromises the reliability but that’s not what I came here for).
What I think it may work is: maybe I could run a script that verify the file or files in attachment field and deletes if that type of file isn’t in my whitelist (PNG and JPEG).
Yet, I have not a single ideia of how to build that script, beside knowing that has to be in Javascript. Also I don’t even know if it is feasible. Has anyone ever tried that? Does anyone knows somekind of workaround?
Page 1 / 1
Welcome back to the Airtable community!
Yes, you can run a script that checks the number and type of files in an attachment field. The script could then remove any files that are either the wrong file type or exceed the desired number of attachments.
Some considerations:
There are two ways of identifying the file type. You can look for the extension on the file name, or you can look at the “type” property. However, there is no guarantee that the extension on the filename is accurate, and the “type” property doesn’t always exist.
While you can remove attachments from the record, the actual file will remain on Airtable’s servers and probably count against your attachment space until it ages out of your base history.
While a script can determine the current order of the attachments, it cannot determine the order in which the attachments were created. For example, you can identify the last attachment, but any editor could have re-ordered the attachments after they were attached.
Scripts can be run by clicking a button, or automatically based on triggers. When run automatically, you have to be very careful with the trigger, because attachments can take several seconds to become fully attached, and running the script while the attachment process is in progress can produce unexpected results.
You say that you do not know how to build the script. Do you want to learn to write a script yourself, or do you have budget to hire someone else to write the script for you?
There are also “no-code” options that you can use that involve formula fields and automations. However, coming up with the proper formulas can be as tricky as writing code.
Fillout is 100% free, and it offers hundreds of features that Airtable’s native forms don’t offer, including all sort of control over attachments.
Check out my screenshot below, and you will see that you can specify the number of files that you are accepting, you can specify maximum file sizes, and you can specify allowed file types.
Fillout also offers so many other things for Airtable, such as the ability to update Airtable records using a form, display Airtable lookup fields on forms, control access to a form via SSO or email domains, perform math or other live calculations on your forms, accept payments on forms, collect signatures on a form, create multi-page forms with conditional paths, create new linked records on a form, connect a single form to dozens of external apps simultaneously, add CAPTCHAs to your form, and much more.
I show how to use a few of the advanced features of Fillout on these 2 Airtable podcast episodes:
Yes, you can run a script that checks the number and type of files in an attachment field. The script could then remove any files that are either the wrong file type or exceed the desired number of attachments.
Some considerations:
There are two ways of identifying the file type. You can look for the extension on the file name, or you can look at the “type” property. However, there is no guarantee that the extension on the filename is accurate, and the “type” property doesn’t always exist.
While you can remove attachments from the record, the actual file will remain on Airtable’s servers and probably count against your attachment space until it ages out of your base history.
While a script can determine the current order of the attachments, it cannot determine the order in which the attachments were created. For example, you can identify the last attachment, but any editor could have re-ordered the attachments after they were attached.
Scripts can be run by clicking a button, or automatically based on triggers. When run automatically, you have to be very careful with the trigger, because attachments can take several seconds to become fully attached, and running the script while the attachment process is in progress can produce unexpected results.
You say that you do not know how to build the script. Do you want to learn to write a script yourself, or do you have budget to hire someone else to write the script for you?
There are also “no-code” options that you can use that involve formula fields and automations. However, coming up with the proper formulas can be as tricky as writing code.
Yes, I think it would better to identify by the “type”, extensions can be bypassed if anyone with bad intentions is willing.
I’m ok dealing with the attachment space being in part consumed by this.
This third point is weird to me, but I think I can have a table where I receive the attachments and validate them, after the validation script, another automation can copy the field to the table where my editors can move it arround.
And the fourth, it needs to be automatic, after some projects kick off, I will be receiving more than 100 registers day after day.
I would love to learn by myself, sadly I dont think that my learning speed will be enough, since the compliance team will give it a look into Airtable again in the next week. I already have a developer that could do that for me, but he charges by the hour, that’s why I’m trying to understand the issue as much as possible.
Thanks for your response, now I know that’s feasible, I was thinking maybe wouldn’t be,
@kuovonne gave you a ton of incredible guidance above, and she’s the expert at writing Javascripts too, if you have the budget to hire someone!
Alternatively, you may just want to use JotForm for your form, which has native Airtable integration and has full control over attachments — you can specify which file types are allowed to be uploaded, and you can specify a maximum file size.
Here is their support article on “How to Create File Upload Forms”:
Yes, I think it would better to identify by the “type”, extensions can be bypassed if anyone with bad intentions is willing.
I’m ok dealing with the attachment space being in part consumed by this.
This third point is weird to me, but I think I can have a table where I receive the attachments and validate them, after the validation script, another automation can copy the field to the table where my editors can move it arround.
And the fourth, it needs to be automatic, after some projects kick off, I will be receiving more than 100 registers day after day.
I would love to learn by myself, sadly I dont think that my learning speed will be enough, since the compliance team will give it a look into Airtable again in the next week. I already have a developer that could do that for me, but he charges by the hour, that’s why I’m trying to understand the issue as much as possible.
Thanks for your response, now I know that’s feasible, I was thinking maybe wouldn’t be,
If you use automations, you will burn through automations very quickly.
(100 registers / day) * (31 days/month) = 3,100. If each registration requires multiple automation runs, multiple 3,100 time the number of automations runs required for all the processing. You are still well below the 50,000 run limit of a pro workspace, but if you have many other automations, you need to be careful. Keep in mind that automation run limit is per workspace (not per base), and if you run out, there is no way to buy more to finish out the month.
Good to know. If your developer is not yet familiar with scripting in Airtable, the developer documentation is an essential resource.
I second @ScottWorld’s recommendation to look into JotForm.
