Uploaded image for project: 'Sakai'
  1. Sakai
  2. SAK-39874

Allow data image encoded src in formattedtext

    XMLWordPrintable

    Details

    • Type: (Deprecated) Contributed Patch
    • Status: RESOLVED
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.9.x, 10.0
    • Fix Version/s: 2.9.x, 10.0
    • Component/s: Kernel
    • Labels:
      None
    • Previous Issue Keys:
      KNL-1106

      Description

      It would be useful to allow the Data URI scheme for encoded images. We're working on a feature to embed images in the content to make them easier to share and it's blocking them because such a pattern isn't defined.

      https://en.wikipedia.org/wiki/Data_URI_scheme

      data: src has some security issues with certain tags, but no known issues for img tags, and with a regex limited to "data:image" I can't find any security issues at all.

      http://stackoverflow.com/questions/11228771/are-data-uris-on-imgs-xss-exploitable

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  ottenhoff Sam Ottenhoff
                  Reporter:
                  jonespm Matthew Jones
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  3 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:

                    Git Source Code