W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2020

Image Resize Issue

From: Takao Nakagawa <takao.nakagawa@jtp.co.jp>
Date: Wed, 22 Jan 2020 11:34:21 +0900
Message-ID: <CAB+ShYPuqxj3Q78zxzKXRywjXNgt29OwAKCCEYKqABfnMU4EbQ@mail.gmail.com>
To: public-webappsec@w3.org
Cc: Nikolaij Ouillon <Nikolaij.Ouillon@jtp.co.jp>, Masakazu Umegaki <Masakazu.Umegaki@jtp.co.jp>, toshifumi nakazawa <Toshifumi.Nakazawa@jtp.co.jp>
Hi All,

We would inquire if the following problem can be related to CSP as defined
by the W3C and its browser implementation.

The process related to CSP (Image resize function)

- Site gets loaded by the browser
- Image is loaded by the URL defined in an <img> tag’s src parameter.
- JavaScript-event load is triggered
- Image size is obtained of <img>
- Image is resized

Example Code:

<script type="text/javascript">
$(function() {
$('#img-001').bind('load', function(){
imgWidth = $('#img-001').css('width').replace('px', '');
changeImgSize();
});
});
</script>
<img id="img-001" src="test.jpg">

Following problems occurs:
Rarely, in Internet Explorer 11, the image’s real size can not be obtained.
In that case, the obtained size seems to be IE11’s default value of 28x30px
for images.


What we would like to confirm
Could the problem be related to CSP?


Why we think the problem might be related to CSP
Although we changed our code to be CSP compliant, we saw no improvement.
https://qd7nvchv.ie-lab.io/ms.html (We moved inline scripts to external
sources and changed the meta tags as required by CSP)

We did contact Microsoft Support and got the following response: “Internet
Explorer does not support CSP, so the problem is not related to it.”

Does the W3C think as well that the problem doesn’t seem to be related to
CSP?

Thanks!
Takao Nakagawa
https://www.jtp.co.jp/en/
Received on Friday, 24 January 2020 08:28:09 UTC

This archive was generated by hypermail 2.4.0 : Friday, 24 January 2020 08:28:10 UTC