On 05/27/2014 09:05 PM, C. Scott Ananian wrote: > I agree that a simple whitelist might be workable, but it does depend > on a bit of code auditing of librsvg to ensure that it can be done > robustly.
That works to protect the image scalers, if correct, but it does nothing to protect the clients, would it? -- Marc _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
