On Wed, Apr 25, 2012 at 5:36 PM, Phil Charlesworth <[email protected]> wrote:
> Sorry, what exactly is the discrepancy that worries you?

that there is a difference *at all* from pyjs. pyjd should not be bypassing the XSS - it should be doing exactly, solely, exclusively and nothing other than precisely, exactly and solely what pyjs does.

by reading the images from the local filesystem, that's bypassing the XSS of the browser engine. and is making pyjd "different" from pyjs.

there *is* no other difference. everything else works in *exactly* the same way, across both pyjd and pyjs. this is the first attempt to break that and i'm not too happy about it.

copying the images is simple: if the files don't exist in public, copy them.

l.

