diff --git a/packages/realtime-compiler/src/Http/DashboardController.php b/packages/realtime-compiler/src/Http/DashboardController.php
index 2f30e34b4b5..3654aae48f4 100644
--- a/packages/realtime-compiler/src/Http/DashboardController.php
+++ b/packages/realtime-compiler/src/Http/DashboardController.php
@@ -326,7 +326,7 @@ protected function openMediaFileInEditor(MediaFile $file): void
             $binary = $this->findGeneralOpenBinary();
             $path = $file->getAbsolutePath();
 
-            if (! in_array($file->getExtension(), ['png', 'svg', 'jpg', 'jpeg', 'gif', 'ico'])) {
+            if (! in_array($file->getExtension(), ['png', 'svg', 'jpg', 'jpeg', 'gif', 'ico', 'css', 'js'])) {
                 $this->abort(403, sprintf("Refusing to open unsafe file '%s'", basename($path)));
             }