What does the MIME Type regex match?

Matches a valid MIME type (type/subtype) with optional parameter, per RFC 2045.

Is the MIME Type regex ReDoS-safe?

Yes. Manually audited and tested against ReDoS attack strings. Anchors and possessive-style constraints prevent runaway backtracking paths.

Web & Network/Misc

Verified Safe

MIME Type Regex for JavaScript

/^(?:application|audio|font|image|model|multipart|text|video|message|x-[a-zA-Z0-9][a-zA-Z0-9!#$&\-^_]{0,30})/[a-zA-Z][a-zA-Z0-9!#$&\-^_.+]{0,100}(?:;\s*[a-zA-Z][a-zA-Z0-9\-]{0,30}=[^;\s]{1,50})*$/i

What this pattern does

This page provides a comprehensive, battle-tested regular expression for matching mime type, ported and verified for JavaScript. A rigorously tested regex reduces debugging time and protects your application from edge-case failures. The snippet below is ready to drop into your JavaScript project — whether you're validating in an Express middleware, a Next.js API route, or a client-side form.

Javascript Implementation

Javascript

// MIME Type
// ReDoS-safe | RegexVault — Web & Network > Misc

const mimeTypeRegex = /^(?:application|audio|font|image|model|multipart|text|video|message|x-[a-zA-Z0-9][a-zA-Z0-9!#$&\-^_]{0,30})\/[a-zA-Z][a-zA-Z0-9!#$&\-^_.+]{0,100}(?:;\s*[a-zA-Z][a-zA-Z0-9\-]{0,30}=[^;\s]{1,50})*$/i;

function validateMimeType(input: string): boolean {
  return mimeTypeRegex.test(input);
}

// Example
console.log(validateMimeType("text/html")); // true

Test Cases

Matches (Valid)	Rejects (Invalid)
`text/html`	`html`
`application/json`	`/json`
`image/png`	`application/`
`audio/mpeg`	`text html`
`text/html; charset=utf-8`	`application\json`
`application/vnd.ms-excel`	`bad-type/subtype`
`x-custom/type`	—

When to use this pattern

This pattern is drawn from the Web & Network > Misc category and carries a ReDoS-safe certification. That matters for JavaScript developers because especially critical in long-running Node.js event loops where a ReDoS vulnerability can block the entire process. RegexVault audits patterns against known backtracking attack vectors, ensuring you have the necessary context before using this regex in a high-stakes production environment.

Common Pitfalls

MIME types are case-insensitive but should be normalized to lowercase for comparison. Never trust client-submitted Content-Type for security decisions — inspect file content directly.

Technical Notes

Top-level type is validated against IANA-defined values. x- prefix allows vendor/experimental types. Subtype may include vendor tree (vnd.), personal tree (prs.), or standard tree.

Have a pattern that belongs in the vault?

Submit it for review — community-verified patterns get credited to your GitHub handle. Free submissions join the queue. Priority review available for $15.

Submit a Pattern