- From: Alec Miller <notifications@github.com>
- Date: Wed, 29 Nov 2017 04:26:44 +0000 (UTC)
- To: w3c/clipboard-apis <clipboard-apis@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 29 November 2017 04:27:10 UTC
The reason that I don't trust sanitizing images is that we render out up to 32k x 32k PNG and JPG. We also pass-through APNG files, and would like to pass through GIF. I can see the sanitizer trying to open these large files to re-render them and failing, or the alternative is doing all the work on the CPU and taking forever for large images. These files are all small enough once compressed but can still be a few hundred MB, and it feels like all attack vectors are in the header or IDAT lengths in the case of PNG.

--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/clipboard-apis/issues/44#issuecomment-347749360
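
A structural pre-check of the kind the message above points at: it validates the IHDR dimensions and every chunk's declared length and CRC without decompressing IDAT. This is an added example, not code from the message's author or from any browser; the 32k cap, the function names and the sample file are assumptions constructed here.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
MAX_DIM = 32 * 1024  # assumption: cap taken from the 32k x 32k figure in the comment

def check_png_structure(data, max_dim=MAX_DIM):
    """Walk the chunk list without inflating IDAT; return a list of problems."""
    if data[:8] != PNG_SIG:
        return ["bad signature"]
    problems, pos, seen_ihdr, seen_iend = [], 8, False, False
    while pos < len(data):
        if pos + 8 > len(data):
            problems.append("truncated chunk header")
            break
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 8 + length + 4  # length/type header + payload + CRC
        if end > len(data):
            problems.append(f"{ctype!r}: declared length {length} overruns file")
            break
        body = data[pos + 8:end - 4]
        if zlib.crc32(ctype + body) != struct.unpack(">I", data[end - 4:end])[0]:
            problems.append(f"{ctype!r}: CRC mismatch")
        if not seen_ihdr:
            if ctype != b"IHDR" or length != 13:
                problems.append("first chunk is not a 13-byte IHDR")
                break
            width, height = struct.unpack(">II", body[:8])
            if not (0 < width <= max_dim and 0 < height <= max_dim):
                problems.append(f"dimensions {width}x{height} out of range")
            seen_ihdr = True
        elif ctype == b"IEND":
            seen_iend = True
            if end != len(data):
                problems.append("trailing data after IEND")
            break
        pos = end
    if not seen_iend and not problems:
        problems.append("missing IEND")
    return problems

def chunk(ctype, body):
    """Serialize one chunk with a correct CRC (used only to build samples)."""
    crc = zlib.crc32(ctype + body)
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

def make_png(width, height):
    """Constructed sample: 8-bit grayscale header with a one-pixel IDAT."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    return (PNG_SIG + chunk(b"IHDR", ihdr)
            + chunk(b"IDAT", zlib.compress(b"\x00\x00")) + chunk(b"IEND", b""))

GOOD_PNG = make_png(1, 1)
```

The check runs in time linear in the compressed file size and never allocates a pixel buffer; it does not inspect the zlib stream inside IDAT, so it bounds the container parsing only, not the decoder's behaviour.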