/ 
Mojolicious-8.21
⭐ Starred 2674
/ Mojolicious::Types
Security Advisories (6)
CPANSA-Mojolicious-2022-03 (2022-12-10)

Mojo::DOM did not correctly parse <script> tags.

CPANSA-Mojolicious-2021-02 (2021-06-01)

Small sessions could be used as part of a brute-force attack to decode the session secret.

CVE-2021-47208 (2021-03-16)

A bug in format detection can potentially be exploited for a DoS attack.

CVE-2020-36829 (2020-11-10)

Mojo::Util secure_compare can leak the string length. By immediately returning when the two strings are not the same length, the function allows an attacker to guess the length of the secret string using timing attacks.

CVE-2024-58134 (2025-05-03)

Mojolicious versions from 0.999922 for Perl uses a hard coded string, or the application's class name, as a HMAC session secret by default. These predictable default secrets can be exploited to forge session cookies. An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user's session.

CVE-2024-58135 (2025-05-03)

Mojolicious versions from 7.28 for Perl may generate weak HMAC session secrets. When creating a default app with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand() function, and used for authenticating and protecting the integrity of the application's sessions. This may allow an attacker to brute force the application's session keys.

NAME

Mojolicious::Types - MIME types

SYNOPSIS

use Mojolicious::Types;

my $types = Mojolicious::Types->new;
$types->type(foo => 'text/foo');
say $types->type('foo');

DESCRIPTION

Mojolicious::Types manages MIME types for Mojolicious.

appcache -> text/cache-manifest
atom     -> application/atom+xml
bin      -> application/octet-stream
css      -> text/css
gif      -> image/gif
gz       -> application/x-gzip
htm      -> text/html
html     -> text/html;charset=UTF-8
ico      -> image/x-icon
jpeg     -> image/jpeg
jpg      -> image/jpeg
js       -> application/javascript
json     -> application/json;charset=UTF-8
mp3      -> audio/mpeg
mp4      -> video/mp4
ogg      -> audio/ogg
ogv      -> video/ogg
pdf      -> application/pdf
png      -> image/png
rss      -> application/rss+xml
svg      -> image/svg+xml
txt      -> text/plain;charset=UTF-8
webm     -> video/webm
woff     -> font/woff
woff2    -> font/woff2
xml      -> application/xml,text/xml
zip      -> application/zip

The most common ones are already defined.

ATTRIBUTES

Mojolicious::Types implements the following attributes.

mapping

my $mapping = $types->mapping;
$types      = $types->mapping({png => ['image/png']});

MIME type mapping.

METHODS

Mojolicious::Types inherits all methods from Mojo::Base and implements the following new ones.

content_type

$types->content_type(Mojolicious::Controller->new, {ext => 'json'});

Detect MIME type for Mojolicious::Controller object unless a Content-Type response header has already been set, defaults to using the MIME type for the txt extension if no better alternative could be found. Note that this method is EXPERIMENTAL and might change without warning!

These options are currently available:

ext
ext => 'json'

File extension to get MIME type for.

file
file => 'foo/bar.png'

File path to get MIME type for.

detect

my $exts = $types->detect('text/html, application/json;q=9');

Detect file extensions from Accept header value.

# List detected extensions prioritized
say for @{$types->detect('application/json, text/xml;q=0.1', 1)};

file_type

my $type = $types->file_type('foo/bar.png');

Get MIME type for file path. Note that this method is EXPERIMENTAL and might change without warning!

type

my $type = $types->type('png');
$types   = $types->type(png => 'image/png');
$types   = $types->type(json => ['application/json', 'text/x-json']);

Get or set MIME types for file extension, alternatives are only used for detection.

SEE ALSO

Mojolicious, Mojolicious::Guides, https://mojolicious.org.