Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Limit our supported image formats. #8406

Closed
Ms2ger opened this issue Nov 8, 2015 · 4 comments
Closed

Limit our supported image formats. #8406

Ms2ger opened this issue Nov 8, 2015 · 4 comments
Labels
A-content/images Interacting with images from web content C-assigned There is someone working on resolving the issue

Comments

@Ms2ger
Copy link
Contributor

Ms2ger commented Nov 8, 2015

Prompted by #8392. We should not allow websites to use just any image format that piston happens to support. Support for any image format is a web compatibility decision that should be made as such.
@craftytrickster
Copy link
Contributor

This may be an oversimplification, but could this possibly be handled in the following way?
Adding a format_not_supported method that checks the buffer against a whitelist of supported formats like:

In components/net_traits/image/base.rs , within pub fn load_from_memory

    if buffer.is_empty() {
        return None;
    }
    if (format_not_supported(buffer) {
        debug!("Image format not supported."); // should include img format in debug message
        return None;
    }

@jdm
Copy link
Member

jdm commented Nov 11, 2015

That sounds like the right way to do it!

@jdm jdm added the A-content/images Interacting with images from web content label Nov 11, 2015
@craftytrickster
Copy link
Contributor

Do you mind if I take a stab at this (hopefully later today)?

@jdm jdm added the C-assigned There is someone working on resolving the issue label Nov 11, 2015
@jdm
Copy link
Member

jdm commented Nov 11, 2015

Please do!

@craftytrickster craftytrickster mentioned this issue Nov 13, 2015
Merged
bors-servo pushed a commit that referenced this issue Nov 17, 2015
Auto merge of #8503 - craftytrickster:8406/limit-suppported-format, r…
f17f890 
…=mbrubeck

Adding method to detect if image formats should be supported by servo

#8406

Please let me know if I need to make any changes.

<!-- Reviewable:start -->
[<img src="https://reviewable.io/review_button.png" height=40 alt="Review on Reviewable"/>](https://reviewable.io/reviews/servo/servo/8503)
<!-- Reviewable:end -->
@kaksmet kaksmet mentioned this issue Mar 1, 2016
Merged
@jdm jdm closed this as completed Mar 1, 2016
jrmuizel pushed a commit to jrmuizel/gecko-cinnabar that referenced this issue Jun 12, 2017
servo: Merge #8503 - Adding method to detect if image formats should …
2a2d217 
…be supported by servo (from craftytrickster:8406/limit-suppported-format); r=mbrubeck

servo/servo#8406

Please let me know if I need to make any changes.

Source-Repo: https://github.com/servo/servo
Source-Revision: f17f89059a3681b7bd2da0a04259353ca21c8122
gecko-dev-updater pushed a commit to marco-c/gecko-dev-comments-removed that referenced this issue Oct 1, 2019
@marco-c
servo: Merge #8503 - Adding method to detect if image formats should …
68a142e 
…be supported by servo (from craftytrickster:8406/limit-suppported-format); r=mbrubeck

servo/servo#8406

Please let me know if I need to make any changes.

Source-Repo: https://github.com/servo/servo
Source-Revision: f17f89059a3681b7bd2da0a04259353ca21c8122

UltraBlame original commit: 9aa9b1dc7569157249ba77fae193b85cc2d0ae3d
gecko-dev-updater pushed a commit to marco-c/gecko-dev-wordified-and-comments-removed that referenced this issue Oct 1, 2019
@marco-c
servo: Merge #8503 - Adding method to detect if image formats should …
4eebbe9 
…be supported by servo (from craftytrickster:8406/limit-suppported-format); r=mbrubeck

servo/servo#8406

Please let me know if I need to make any changes.

Source-Repo: https://github.com/servo/servo
Source-Revision: f17f89059a3681b7bd2da0a04259353ca21c8122

UltraBlame original commit: 9aa9b1dc7569157249ba77fae193b85cc2d0ae3d
gecko-dev-updater pushed a commit to marco-c/gecko-dev-wordified that referenced this issue Oct 1, 2019
@marco-c
servo: Merge #8503 - Adding method to detect if image formats should …
a0f2f61 
…be supported by servo (from craftytrickster:8406/limit-suppported-format); r=mbrubeck

servo/servo#8406

Please let me know if I need to make any changes.

Source-Repo: https://github.com/servo/servo
Source-Revision: f17f89059a3681b7bd2da0a04259353ca21c8122

UltraBlame original commit: 9aa9b1dc7569157249ba77fae193b85cc2d0ae3d
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
A-content/images Interacting with images from web content C-assigned There is someone working on resolving the issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jdm @Ms2ger @craftytrickster