On Wed, Apr 23, 2014 at 12:05 PM, Łukasz Czyżykowski <
lukasz.czyzykow...@canonical.com> wrote:

> Because of the security risk, devportal currently allows uploading of SVG
> icons, but renders them on the server and only saves the resulting PNG, which
> is later served to clients.
>
> Cheers
>

Would not serving the SVGs from a different domain mitigate this? In that
case, if JS did go through our filters, the JS would not have access to
cookies, DOM, etc. in devportal.
-- 
Mailing list: https://launchpad.net/~ubuntu-appstore-developers
Post to     : ubuntu-appstore-developers@lists.launchpad.net
Unsubscribe : https://launchpad.net/~ubuntu-appstore-developers
More help   : https://help.launchpad.net/ListHelp
