On Jun 19, 2017, at 10:20 AM, Geoffrey Garen <[email protected]> wrote:
>>> Another minor comment: it seems like this new API returns raw data. It >>> seems like the native way to use this would result in running untrusted >>> data from the network through image decoders outside the Web Process >>> sandbox. Do we have a way to avoid that? >> >> This came up while implementing it for Safari, too. In practice we didn't >> decode icons out-of-process before so this model was not a regression. I see >> value in offering this, but it's also something conscientious clients can do >> on their own with the raw data. > > Didn’t we need to create the Safari ImageDecoder service to work around the > problem of decoding untrusted icon images? That’s not going to be available to other participants in the WebKit Open Source projects. > > Geoff > _______________________________________________ > webkit-dev mailing list > [email protected] > https://lists.webkit.org/mailman/listinfo/webkit-dev _______________________________________________ webkit-dev mailing list [email protected] https://lists.webkit.org/mailman/listinfo/webkit-dev
