Closed Bug 629448 Opened 14 years ago Closed 14 years ago

SVG-as-an-image should be able to load data: URIs

Categories

(Core :: SVG, defect)

Product:
Core
Component:
SVG
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 628747

People

(Reporter: dholbert, Assigned: dholbert)

Details

Attachments

(1 obsolete file)

I think my checkin for Bug 628747 was slightly too large of a hammer -- it disables loads from data:URIs, too (e.g. <image xlink:href="data:image/png,etc/>), which don't suffer from the data leakage problem outlined in bug 628747 comment 0. data URIs also provide a way for authors to cope with bug 628747, to embed external resources (e.g. raster images) directly for legitimate (non-malicious) uses. bz suggests checking for URI_IS_LOCAL_RESOURCE -- that looks like it's what we want. I'm writing some more comprehensive tests at the moment, and then will post a patch.
Attached patch patch 1 (back out bug 628747) (obsolete) — Splinter Review
Actually, rather than fixing this separately, I'm going to just back out bug 628747 and post/land a better fix there.
No longer blocks: 628747
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
Attachment #507680 - Attachment is obsolete: true
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: