[webkit-dev] Intent to remove the WebCore::IconDatabase (GTK needs to make a decision)
Geoffrey Garen
ggaren at apple.com
Mon Jun 19 10:20:10 PDT 2017
>> Another minor comment: it seems like this new API returns raw data. It seems like the native way to use this would result in running untrusted data from the network through image decoders outside the Web Process sandbox. Do we have a way to avoid that?
>
> This came up while implementing it for Safari, too. In practice we didn't decode icons out-of-process before so this model was not a regression. I see value in offering this, but it's also something conscientious clients can do on their own with the raw data.
Didn’t we need to create the Safari ImageDecoder service to work around the problem of decoding untrusted icon images?
Geoff
More information about the webkit-dev
mailing list