The image/icon made-up format is exposed to the web
Categories
(Core :: Graphics: ImageLib, defect, P3)
Tracking
()
Tracking | Status | |
---|---|---|
firefox69 | --- | affected |
People
(Reporter: mstange, Unassigned)
Details
We have an internal "Icon" image format which has the following format: width as u8, height as u8, raw bgra byte data. Its purpose is to be used internally. However, the decoder is exposed to the web: it is registered for the (made-up) mime type image/icon
.
E.g. here's an image data url for a 2x2 icon with red, green, blue, yellow pixels: data:image/icon;base64,AgIAAP//AP8A//8AAP8A////
You could use this on your website and it would show in Firefox, but not in any other browser.
Do we want to expose this format? Can we find a different way of getting icon data from the system into UI image elements?
Comment 1•5 years ago
|
||
(In reply to Markus Stange [:mstange] from comment #0)
Do we want to expose this format?
Probably not.
Is there a way easily disable access from content?
Comment 2•5 years ago
|
||
Ah, we tried to disable access from content is bug 1222924, but I guess that bug missed at the least data uris.
Updated•5 years ago
|
Reporter | ||
Comment 3•5 years ago
|
||
Ah, if it's just data urls, that's not so bad then. I hadn't tested this with regular http(s) pages.
Updated•2 years ago
|
Description
•