[Webkit-unassigned] [Bug 118068] SVG data:uri images are not handled properly
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Sep 20 14:35:28 PDT 2013
https://bugs.webkit.org/show_bug.cgi?id=118068
--- Comment #3 from Philip Rogers <pdr at google.com> 2013-09-20 14:34:32 PST ---
(In reply to comment #2)
> Why not simply updating CachedImage::load to enforce data:uri images loading even when network loading is disabled?
I'm afraid the loader code (in both Blink and WebKit) has diverged significantly since I wrote this patch. My best recollection is that doing this would result in a request being sent to the platform layer with a null networking context which could escape the SVG Image "sandbox" that prevents resource requests. This could allow an SVG image embedded in an email to work as a tracker, for example.
This may no longer be true (or may have only been true for Chromium) and I would encourage you to trace this code further to see what happens today.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list