[Webkit-unassigned] [Bug 104111] REGRESSION (r129585): Cannot load DATA URI resources within the context of an SVG image
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sun Feb 3 07:45:24 PST 2013
https://bugs.webkit.org/show_bug.cgi?id=104111
--- Comment #21 from George May <georgemay137 at yahoo.com> 2013-02-03 07:47:27 PST ---
Hi, as a start i would like DATA URI resources from "http://"-loaded images to be enabled. Does such a change posses any security risk? (I see none, but I'm not an expert...)
BTW, why is data uri images loading another data uri images bad?
(In reply to comment #20)
> (In reply to comment #19)
> > (In reply to comment #16)
> > > I recommend closing this bug as WONTFIX.
> >
> > Hi,
> > Sorry, been away for a while.
> > As Philip mentioned, FF does allow using data URIs inside SVG, as it doesn't effect security.
> > Is there anything currently unsafe with my patch? What needs to be fixed?
> >
> > Thx!
>
> I should have been clearer: Mozilla chose to disallow data:uri images from themselves loading other data:uri images for reasons similar to Adam's objection (security complexity). This case is slightly different. I have a followup question though: did you intend to remove the chromium/ResourceHandle.cpp change from the patch?
>
> Abarth gave an r- and listed some concerns, I think you'll need to address those to move this forward.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list