allow base64 data uri
113 views
Skip to first unread message
felbus
Apr 17, 2017, 4:39:51 AM4/17/17
to Google Caja Discuss
Hi,
im tryng to display images inline in an html email with caja, and the security policy seems to be stripping out all the encoded data.
i found this issue which is related, but its form 5 years ago, so wondered if this is now supported?
thanks
Kevin Reid
Apr 17, 2017, 12:46:01 PM4/17/17
to Google Caja Discuss
On Mon, Apr 17, 2017 at 1:39 AM, felbus <paul....@gmail.com> wrote:
im tryng to display images inline in an html email with caja, and the security policy seems to be stripping out all the encoded data.
data: URLs are not supported at all.
We'd be interested in someone contributing the feature.
It would involve modifying the uriRewrite function in domado.js to, in the particular case of data: URLs, allow them if they are in an <img> context (which is known to not execute content) or perhaps also if they are of a safe type (such as an image type), after verifying that supported browsers don't content-sniff data: URLs (I don't know if they do).
i found this issue which is related, but its form 5 years ago, so wondered if this is now supported?
Here's the updated link: https://github.com/google/caja/issues/1558
felbus
Apr 19, 2017, 11:09:45 AM4/19/17
to Google Caja Discuss
ok thanks, ill take a look..
Reply all
Reply to author
Forward
0 new messages