Re: [csswg-drafts] [css-color-4] Security: handling of color-profiles (#5552) from Tab Atkins Jr. via GitHub on 2020-10-05 (public-css-archive@w3.org from October 2020)

From: Tab Atkins Jr. via GitHub <sysbot+gh@w3.org>
Date: Mon, 05 Oct 2020 17:45:04 +0000
To: public-css-archive@w3.org
Message-ID: <issue_comment.created-703785192-1601919903-sysbot+gh@w3.org>

> As a further indication that ICC is not a new format on the Web, the Internet Media Type application/vnd.iccprofile was registered in 2008.

It's "a new format on the web" because browsers do not currently parse ICC files; this is a new parser being exposed to the web.

The presence of it in standards doesn't matter here, it's the exposure of potential new parsing vulnerabilities due to new parsers being exercised by potentially malicious actors.

-- 
GitHub Notification of comment by tabatkins
Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/5552#issuecomment-703785192 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Monday, 5 October 2020 17:45:05 UTC