https://bugzilla.wikimedia.org/show_bug.cgi?id=25707
Tisza Gergő changed:
What|Removed |Added
CC||gti...@wikimedia.org
--- Comment #11 fro
https://bugzilla.wikimedia.org/show_bug.cgi?id=25707
Bawolff (Brian Wolff) changed:
What|Removed |Added
See Also||https://bugzilla.wikimedia.
https://bugzilla.wikimedia.org/show_bug.cgi?id=25707
Jean-Fred changed:
What|Removed |Added
CC||jeanfrederic.w...@gmail.com
Bl
https://bugzilla.wikimedia.org/show_bug.cgi?id=25707
Bawolff (Brian Wolff) changed:
What|Removed |Added
See Also||https://bugzilla.wikimedia.
https://bugzilla.wikimedia.org/show_bug.cgi?id=25707
Bryan Tong Minh changed:
What|Removed |Added
CC||tstarl...@wikimedia.org
--- Comment
https://bugzilla.wikimedia.org/show_bug.cgi?id=25707
--- Comment #9 from Bawolff 2010-11-08 05:44:34 UTC ---
Ok, so (from my understanding):
* IE only looks at the first 255 bytes of a file
* The EXIF standard allows arbitrary whitespace at the beginning of the EXIF
application segment (right after
https://bugzilla.wikimedia.org/show_bug.cgi?id=25707
Roan Kattouw changed:
What|Removed |Added
CC||roan.katt...@gmail.com
--- Comment #8 f
https://bugzilla.wikimedia.org/show_bug.cgi?id=25707
--- Comment #7 from Bawolff 2010-10-30 17:10:19 UTC ---
Also, if we were filtering HTML from the file, it'd be kind of weird to filter
some HTML, then of the HTML we let in, not allow it to be used on the metadata
box on the image page (With our
https://bugzilla.wikimedia.org/show_bug.cgi?id=25707
--- Comment #6 from Derk-Jan Hartman 2010-10-30 10:22:41 UTC ---
How about IE's filter in style= ? And elements of course, inline images,
applet, iframe. There are many things in HTML that can potentially be
dangerous.
https://bugzilla.wikimedia.org/show_bug.cgi?id=25707
--- Comment #5 from Bryan Tong Minh 2010-10-30 09:28:09 UTC ---
Well, only
https://bugzilla.wikimedia.org/show_bug.cgi?id=25707
Derk-Jan Hartman changed:
What|Removed |Added
CC||hart...@videolan.org
--- Comment #4
https://bugzilla.wikimedia.org/show_bug.cgi?id=25707
--- Comment #3 from DieBuche 2010-10-30 00:09:52 UTC ---
Oh, sorry, maybe I wasn't clear enough. I'm aware of the script issue, but
would it still be a concern if we only disallowed
https://bugzilla.wikimedia.org/show_bug.cgi?id=25707
Bawolff changed:
What|Removed |Added
CC||bawolff...@gmail.com
--- Comment #2 from Baw
https://bugzilla.wikimedia.org/show_bug.cgi?id=25707
--- Comment #1 from Bryan Tong Minh 2010-10-29 16:27:57 UTC ---
The security reason is that IE may get fooled into thinking that this is
actually an HTML file and try to display it, executing any embedded JS in the
process.