diff --git a/app/controllers/assets_controller.rb b/app/controllers/assets_controller.rb
index 54965a2e6..3b2155550 100644
--- a/app/controllers/assets_controller.rb
+++ b/app/controllers/assets_controller.rb
@@ -114,7 +114,8 @@ class AssetsController < ApplicationController
 fields: s3_post.fields
 })

- if (asset.file_content_type =~ /^image\//) == 0
+ if (asset.file_content_type =~
+ %r{/^image\/#{Constants::WHITELISTED_IMAGE_TYPES.join("|")}/}) == 0
 asset.file.options[:styles].each do |style, option|
 s3_post = S3_BUCKET.presigned_post(
 key: asset.file.path(style)[1..-1],
diff --git a/app/models/asset.rb b/app/models/asset.rb
index 3315d59d7..50b91b5e5 100644
--- a/app/models/asset.rb
+++ b/app/models/asset.rb
@@ -138,7 +138,8 @@ class Asset < ActiveRecord::Base
 end

 def is_image?
- !(self.file.content_type =~ /^image/).nil?
+ !(file.content_type =~
+ %r{/^image\/#{Constants::WHITELISTED_IMAGE_TYPES.join("|")}/}).nil?
 end

 def text?
diff --git a/config/initializers/constants.rb b/config/initializers/constants.rb
index b6c48d551..57b75dee8 100644
--- a/config/initializers/constants.rb
+++ b/config/initializers/constants.rb
@@ -201,6 +201,8 @@ class Constants
 'text/plain'
 ].freeze

+ WHITELISTED_IMAGE_TYPES = ['gif', 'jpeg', 'png', 'svg+xml', 'bmp'].freeze
+
 # Very basic regex to check for validity of emails
 BASIC_EMAIL_REGEX = /^[^@]+@[^@]+\.[^@]+$/
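Review bot: The new pattern on the second added line of the assets_controller.rb hunk cannot match a real image content type, so with the `== 0` check the per-style presigned posts are never generated: inside `%r{…}` the braces are the delimiters, which makes the inner `/` literal characters and leaves the `|` alternation ungrouped, giving the alternatives `/^image\/gif`, `jpeg`, `png`, `svg+xml` and `bmp/`. The first alternative needs a literal `/` followed by a line start and is effectively unmatchable, and none of the others can match at offset 0 of a string such as `image/jpeg`; the `+` in `svg+xml` is also a quantifier here, not a literal. Since the whitelist is a finite set of exact subtypes, a literal comparison avoids every regex pitfall: `if Constants::WHITELISTED_IMAGE_TYPES.any? { |t| asset.file_content_type == "image/#{t}" }`. If a regex is preferred, anchor with `\A…\z`, group the alternation and escape the entries (`Regexp.union`). The `if` body this guards continues past the end of the hunk.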
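Review bot: `is_image?` in the asset.rb hunk now rejects three of the five whitelisted types and accepts non-image types, because the `%r{…}` literal makes the inner `/` ordinary characters and the `join("|")` alternation is ungrouped: the effective alternatives are `/^image\/gif`, `jpeg`, `png`, `svg+xml` (where `+` is a quantifier) and `bmp/`. Combined with the `.nil?` test, `image/gif`, `image/bmp` and `image/svg+xml` yield `nil`, while any content type containing `jpeg` or `png` at any position is treated as an image. An exact-match test against the list is both correct and clearer: `Constants::WHITELISTED_IMAGE_TYPES.any? { |t| file.content_type == "image/#{t}" }`. If the regex form is kept, use `\A`/`\z` rather than `^` (which also matches after an embedded newline) and `Regexp.union` for the entries, and consider hoisting the compiled pattern into a constant instead of rebuilding it on every call.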
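Review bot: `svg+xml` in the new `WHITELISTED_IMAGE_TYPES` constant is not regex-safe — the `+` is a quantifier once the list is interpolated into a pattern with `join("|")`, as the sibling hunks do — so `image/svg+xml` would never match unless the entries pass through `Regexp.escape` or the callers compare literally. Either way the contract of the list should be stated next to it, e.g. `# Image subtypes accepted by Asset#is_image?; compare literally or Regexp.escape before interpolating into a pattern`. The decision to allow SVG also deserves a why-comment: SVG documents can embed script and external references, so if these assets are ever served inline from the application's origin (not visible here) this is a stored-XSS surface, and a note such as `# svg+xml: only safe if served as an attachment or from an isolated origin` records that assumption for the next maintainer. `%w[gif jpeg png svg+xml bmp].freeze` is the idiomatic literal for a string list.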