>> Another minor comment: it seems like this new API returns raw data. It seems 
>> like the native way to use this would result in running untrusted data from 
>> the network through image decoders outside the Web Process sandbox. Do we 
>> have a way to avoid that?
> 
> This came up while implementing it for Safari, too. In practice we didn't 
> decode icons out-of-process before so this model was not a regression. I see 
> value in offering this, but it's also something conscientious clients can do 
> on their own with the raw data.

Didn’t we need to create the Safari ImageDecoder service to work around the 
problem of decoding untrusted icon images?

Geoff
_______________________________________________
webkit-dev mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-dev
