Closed
Bug 239961
Opened 20 years ago
Closed 20 years ago
ImageLib should not need to sniff content types
Categories
(Core :: Graphics: ImageLib, defect)
Core
Graphics: ImageLib
Tracking
()
RESOLVED
DUPLICATE
of bug 126067
People
(Reporter: david, Assigned: jdunn)
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6a) Gecko/20031030 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6a) Gecko/20031030 In bug 234374 comment #1, it was mentioned that ImageLib successfully renders a Windows Bitmap file delivered with an image/png content type because it does additional sniffing of the image type after receiving it. I would like to have a way to disable this additional sniffing. If an image is delivered with an incorrect content type, it should fail to be rendered. This would allow site administrators a clear indication that something is misconfigured, and eliminates possible security issues with having a hypothetical image vulnerability make its way through filters and into the rendering engine by masquerading as another content type. IE is notorious for these types of issues with text/plain, for example. If there is a usability issue with this (where misconfigured web servers are common, or in the case of local files on an extension-oriented OS/filesystem, files are misnamed or the OS doesn't have a proper mapping), perhaps a "strict image" mode could be configurable (or enabled with standards-compliant document handling). Reproducible: Didn't try Steps to Reproduce:
Comment 1•20 years ago
|
||
*** This bug has been marked as a duplicate of 126067 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Comment 2•20 years ago
|
||
also see bug 155830, esp bug 155830 comment 19
You need to log in
before you can comment on or make changes to this bug.
Description
•