Add URL validation for image upload by URL input #3222
Labels
Enhancement
Enhance performance or improve usability of original features.
Need Discussion
Need discussion or investigation
Version
Write the version that you are currently using.
@toast-ui/vue-editor: 3.2.3
Development Environment
Write the browser type, OS and so on.
Mas OS Sonoma14.0
Current Behavior
When we add image by URL input, it's fine to add image by URL such as "https" or "http". However, we can add an image by this URL input with data URL format such as
data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAB3oAAAK1CAYAAAAuQ+8vAAABX2lDQ1...
This is unexpected action but this URL input not covered by addImageBlobHook so it's difficult to validate it.
Expected Behavior
Write a description of the future action.
I propose this URL input validation by "https" and "http" to filter unexpected embedding dataURI.
It's not difficult and it's probably more secure.
The text was updated successfully, but these errors were encountered: