diff --git a/src/vaadin-upload.html b/src/vaadin-upload.html
index ee58fd6..0eb9689 100644
--- a/src/vaadin-upload.html
+++ b/src/vaadin-upload.html
@@ -754,7 +754,10 @@
return;
}
const fileExt = file.name.match(/\.[^\.]*$|$/)[0];
- const re = new RegExp('^(' + this.accept.replace(/[, ]+/g, '|').replace(/\/\*/g, '/.*') + ')$', 'i');
+ // Escape regex operators common to mime types
+ const escapedAccept = this.accept.replace(/[+.]/g, '\\$&');
+ // Create accept regex that can match comma separated patterns, star (*) wildcards
+ const re = new RegExp(`^(${escapedAccept.replace(/[, ]+/g, '|').replace(/\/\*/g, '/.*')})$`, 'i');
if (this.accept && !(re.test(file.type) || re.test(fileExt))) {
this.dispatchEvent(
new CustomEvent('file-reject', {
diff --git a/test/adding-files.html b/test/adding-files.html
index a37b8eb..3f6707b 100644
--- a/test/adding-files.html
+++ b/test/adding-files.html
@@ -321,6 +321,20 @@
upload._addFiles([file]);
expect(upload.files.length).to.equal(1);
});
+
+ it('should allow files when using regex operators in accept string', () => {
+ file = createFile(testFileSize, 'image/svg+xml');
+ upload.accept = 'image/svg+xml';
+ upload._addFiles([file]);
+ expect(upload.files.length).to.equal(1);
+ });
+
+ it('should reject files when accept contains regex single character wildcard and file type is not an exact match', () => {
+ file = createFile(testFileSize, 'application/vndxms-excel');
+ upload.accept = 'application/vnd.ms-excel';
+ upload._addFiles([file]);
+ expect(upload.files.length).to.equal(0);
+ });
});
});