Closed Bug 239961 Opened 20 years ago Closed 20 years ago

ImageLib should not need to sniff content types

Categories

(Core :: Graphics: ImageLib, defect)

Product:
Core
Component:
Graphics: ImageLib
Type:
defect
Priority:
Not set
Severity:
minor

Tracking

()

Status:
RESOLVED DUPLICATE of bug 126067

People

(Reporter: david, Assigned: jdunn)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6a) Gecko/20031030
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6a) Gecko/20031030

In bug 234374 comment #1, it was mentioned that ImageLib successfully renders a
Windows Bitmap file delivered with an image/png content type because it does
additional sniffing of the image type after receiving it.  I would like to have
a way to disable this additional sniffing.  If an image is delivered with an
incorrect content type, it should fail to be rendered.

This would allow site administrators a clear indication that something is
misconfigured, and eliminates possible security issues with having a
hypothetical image vulnerability make its way through filters and into the
rendering engine by masquerading as another content type.  IE is notorious for
these types of issues with text/plain, for example.

If there is a usability issue with this (where misconfigured web servers are
common, or in the case of local files on an extension-oriented OS/filesystem,
files are misnamed or the OS doesn't have a proper mapping), perhaps a "strict
image" mode could be configurable (or enabled with standards-compliant document
handling).

Reproducible: Didn't try
Steps to Reproduce:

*** This bug has been marked as a duplicate of 126067 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.