ok thanks, ill take a look.. On Monday, 17 April 2017 17:46:01 UTC+1, Kevin Reid wrote: > > On Mon, Apr 17, 2017 at 1:39 AM, felbus <[email protected] <javascript:>> > wrote: > >> im tryng to display images inline in an html email with caja, and the >> security policy seems to be stripping out all the encoded data. >> > > data: URLs are not supported at all. > > We'd be interested in someone contributing the feature. > > It would involve modifying the uriRewrite function in domado.js to, in the > particular case of data: URLs, allow them if they are in an <img> context > (which is known to not execute content) or perhaps also if they are of a > safe type (such as an image type), after verifying that supported browsers > don't content-sniff data: URLs (I don't know if they do). > > >> i found this issue which is related, but its form 5 years ago, so >> wondered if this is now supported? >> >> https://code.google.com/archive/p/google-caja/issues/1558 >> > > Here's the updated link: https://github.com/google/caja/issues/1558 >
-- --- You received this message because you are subscribed to the Google Groups "Google Caja Discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
