[Bug 25707] Allow "html" in exif tags

2014-10-02 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=25707 Tisza Gergő changed: What|Removed |Added CC||gti...@wikimedia.org --- Comment #11 fro

[Bug 25707] Allow "html" in exif tags

2014-09-30 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=25707 Bawolff (Brian Wolff) changed: What|Removed |Added See Also||https://bugzilla.wikimedia.

[Bug 25707] Allow "html" in exif tags

2014-05-23 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=25707 Jean-Fred changed: What|Removed |Added CC||jeanfrederic.w...@gmail.com Bl

[Bug 25707] Allow "html" in exif tags

2013-04-16 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=25707 Bawolff (Brian Wolff) changed: What|Removed |Added See Also||https://bugzilla.wikimedia.

[Bug 25707] Allow "html" in exif tags

2010-11-07 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=25707 Bryan Tong Minh changed: What|Removed |Added CC||tstarl...@wikimedia.org --- Comment

[Bug 25707] Allow "html" in exif tags

2010-11-07 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=25707 --- Comment #9 from Bawolff 2010-11-08 05:44:34 UTC --- Ok, so (From my understanding): *IE only looks at the first 255 bytes of a file *The EXIF standard allows arbitrary whitespace at the beginning of the exif application segment (right after

[Bug 25707] Allow "html" in exif tags

2010-10-31 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=25707 Roan Kattouw changed: What|Removed |Added CC||roan.katt...@gmail.com --- Comment #8 f

[Bug 25707] Allow "html" in exif tags

2010-10-30 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=25707 --- Comment #7 from Bawolff 2010-10-30 17:10:19 UTC --- Also if we were filtering html from the file, it'd be kind of weird to filter some html, then of the html we let in, not allow it to be used on the metadata box on the image page (With our

[Bug 25707] Allow "html" in exif tags

2010-10-30 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=25707 --- Comment #6 from Derk-Jan Hartman 2010-10-30 10:22:41 UTC --- how about IEs filter in style= ? And elements of course, inline images, applet, iframe. There are many things in HTML that can potentially be dangerous. -- Configure bugmail:

[Bug 25707] Allow "html" in exif tags

2010-10-30 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=25707 --- Comment #5 from Bryan Tong Minh 2010-10-30 09:28:09 UTC --- Well, only

[Bug 25707] Allow "html" in exif tags

2010-10-29 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=25707 Derk-Jan Hartman changed: What|Removed |Added CC||hart...@videolan.org --- Comment #4

[Bug 25707] Allow "html" in exif tags

2010-10-29 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=25707 --- Comment #3 from DieBuche 2010-10-30 00:09:52 UTC --- Oh, sorry, maybe I wasn't clear enough. I'm aware of the script issue, but would it still be a concern if we only disallowed

[Bug 25707] Allow "html" in exif tags

2010-10-29 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=25707 Bawolff changed: What|Removed |Added CC||bawolff...@gmail.com --- Comment #2 from Baw

[Bug 25707] Allow "html" in exif tags

2010-10-29 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=25707 --- Comment #1 from Bryan Tong Minh 2010-10-29 16:27:57 UTC --- The security reason is that IE may get fooled into thinking that this is actually an HTML file and try to display it, executing any embedded JS in the process. -- Configure bugm