[tahoe-lafs-trac-stream] [tahoe-lafs] #1828: Problem with linked images' display in rst docs from trac
tahoe-lafs
trac at tahoe-lafs.org
Fri Oct 26 00:30:13 UTC 2012
#1828: Problem with linked images' display in rst docs from trac
-------------------------+--------------------------
Reporter: mk.fg | Owner: zooko
Type: defect | Status: assigned
Priority: minor | Milestone: undecided
Component: website | Version: n/a
Resolution: | Keywords: website docs
Launchpad Bug: |
-------------------------+--------------------------
Comment (by mk.fg):
Replying to [comment:10 mk.fg]:
> Replying to [comment:9 davidsarah]:
> > > Note that SVGs allow scripts, so serving them raw would in fact
introduce an XSS vulnerability.
> >
> > ... which we may already be vulnerable to.
>
> Whoa, you're right, didn't know about that at all.
>
> But I still think benefits far outweight the risks in this case ;)
Though maybe easy win-win solution would be to just convert these images
to png and commit them like that, disallowing svg in trac from then on.
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1828#comment:11>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage
More information about the tahoe-lafs-trac-stream
mailing list