Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

x/pkgsite: image in readme and privacy #43114

Closed
pierrre opened this issue Dec 10, 2020 · 2 comments
Closed

x/pkgsite: image in readme and privacy #43114

pierrre opened this issue Dec 10, 2020 · 2 comments

Comments

@pierrre
Copy link

@pierrre pierrre commented Dec 10, 2020

If a readme includes images, they're showed directly on pkg.go.dev.
It could cause privacy/security issue:

  • the image could be used to track users (statistics/IP/etc...)
  • if the image is "malicious", and the web browser has a bug, it could crash it, or execute arbitrary code

We should probably have an image proxy (similar to what Github does).

I'm surprised nobody reported it already.
I haven't found any similar issue on the tracker.
Maybe I didn't search correctly.

@gopherbot gopherbot added the pkgsite label Dec 10, 2020
@gopherbot gopherbot added this to the Unreleased milestone Dec 10, 2020
@jamalc jamalc modified the milestones: Unreleased, pkgsite/unplanned Dec 10, 2020
@julieqiu
Copy link
Contributor

@julieqiu julieqiu commented Dec 10, 2020

Closing this as a duplicate of #37128.

@julieqiu julieqiu closed this Dec 10, 2020
@pierrre
Copy link
Author

@pierrre pierrre commented Dec 11, 2020

sorry for the duplicate, I couldn't find this other issue in my search.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
4 participants