Embroidery files travel between machines, shops, and customers — which means they pick up the same risks any other shared file does. ValidStitch runs a safety pass on every upload before the parser touches the bytes.
What we check
- Malware signature scan (known-bad file patterns) against every upload regardless of declared type.
- Embedded-script detection on SVG uploads: <script> tags, foreignObject blocks, javascript: URLs, and other vector-injection patterns. SVGs that contain scripts are rejected.
- File-size cap (currently 200 MB per file). Larger files are rejected with a clear message rather than hanging the upload.
- Encrypted or password-protected files (commonly seen on licensed-character PES designs from some vendors). We surface a clear error rather than silently failing to parse.
- Truncated downloads (header parses but stitch records cut off mid-design). Flagged as 'incomplete stitch records' so you re-download instead of validating a partial file.
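
A sketch of how the embedded-script check on SVG uploads could work. This is an added example, not ValidStitch's own code: the function name, the UTF-8-only policy, the entity-declaration refusal and the event-handler check are assumptions that go beyond the patterns listed above.

```python
import re
import xml.etree.ElementTree as ET

BLOCKED_TAGS = {"script": "<script> element", "foreignobject": "<foreignObject> block"}

def _local(name: str) -> str:
    """Drop the '{namespace}' prefix ElementTree adds, and lowercase."""
    return name.rsplit("}", 1)[-1].lower()

def svg_script_findings(data: bytes) -> list[str]:
    """Return the reasons to reject an SVG upload; an empty list means none matched."""
    try:
        text = data.decode("utf-8-sig")  # assumption: only UTF-8 SVGs are accepted
    except UnicodeDecodeError:
        return ["not UTF-8"]
    # Refuse entity declarations before parsing, so the parser never expands them.
    if re.search(r"<!ENTITY", text, re.IGNORECASE):
        return ["entity declaration"]
    try:
        root = ET.fromstring(text)
    except ET.ParseError:
        return ["not well-formed XML"]
    findings = []
    for el in root.iter():
        tag = _local(el.tag)
        if tag in BLOCKED_TAGS:
            findings.append(BLOCKED_TAGS[tag])
        for name, value in el.attrib.items():
            attr = _local(name)
            if attr.startswith("on"):  # onload, onclick, ... (added beyond the page's list)
                findings.append(f"event handler attribute '{attr}'")
            # URL parsers ignore leading whitespace and embedded tabs/newlines,
            # and schemes are case-insensitive: normalise before comparing.
            if re.sub(r"[\x00-\x20]", "", value).lower().startswith("javascript:"):
                findings.append(f"javascript: URL in '{attr}'")
    return findings

# Constructed sample inputs (not real uploads).
NS = 'xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"'
SAMPLES = {
    "clean": f'<svg {NS}><path d="M0 0L10 10"/></svg>',
    "script": f'<svg {NS}><script>void(0)</script></svg>',
    "foreign": f'<svg {NS}><foreignObject><p>hi</p></foreignObject></svg>',
    "js_url": f'<svg {NS}><a xlink:href=" JavaScript:void(0)"><path d="M0 0"/></a></svg>',
    "handler": f'<svg {NS} onload="void(0)"/>',
}

if __name__ == "__main__":
    for label, svg in SAMPLES.items():
        print(label, svg_script_findings(svg.encode()) or "accepted")
```

Parsing the document and walking the element tree, rather than searching the raw bytes for strings, means namespace prefixes and character references are resolved before the comparison is made.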