On Wed, Jun 10, 2015 at 11:22 AM, Hallvord Reiar Michaelsen Steen <hst...@mozilla.com> wrote: > Developing web browsers and their specs means paranoia should be part of > your job description. > It is a concern and I'm not sure how to solve it.
Well we should be able to allow some things here. Either we verify that it is an image or we only allow images that are exported from <canvas> or some such... But yeah, passing arbitrary bytes seems bad, there needs to be some amount of validation. -- https://annevankesteren.nl/