Uploaded image for project: 'Sakai'
  1. Sakai
  2. SAK-39874

Allow data image encoded src in formattedtext

    XMLWordPrintable

    Details

    • Type: (Deprecated) Contributed Patch
    • Status: RESOLVED
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.9.x, 10.0
    • Fix Version/s: 2.9.x, 10.0
    • Component/s: Kernel
    • Labels:
      None
    • Previous Issue Keys:
      KNL-1106

      Description

      It would be useful to allow the Data URI scheme for encoded images. We're working on a feature to embed images in the content to make them easier to share and it's blocking them because such a pattern isn't defined.

      https://en.wikipedia.org/wiki/Data_URI_scheme

      data: src has some security issues with certain tags, but no known issues for img tags, and with a regex limited to "data:image" I can't find any security issues at all.

      http://stackoverflow.com/questions/11228771/are-data-uris-on-imgs-xss-exploitable

        Gliffy Diagrams

          Zeplin

            Attachments

              Issue Links

                Activity

                  People

                  • Assignee:
                    ottenhoff Sam Ottenhoff
                    Reporter:
                    jonespm Matthew Jones
                  • Votes:
                    0 Vote for this issue
                    Watchers:
                    3 Start watching this issue

                    Dates

                    • Created:
                      Updated:
                      Resolved:

                      Git Integration