holmesworcester opened this issue 2 years ago (status: Open)
I think this is taken care of by the libraries we're using to the extent possible. Closing.
Reopening, given #743
There are two ways we're doing images now: data URIs for profile images, and rendered files for files.
We should ensure that we're protected in both cases against polyglot images and against somebody building a data URI that does not behave as we expect it to, e.g.
More info on polyglots:
One sort of folksy but reasonable step I've heard a lot of applications take is to recompress images from untrusted sources.
Another thought I have on this, which might be a good habit for us to get into when things like this come up, would be to understand what Signal does.
Right now we don't seem to validate images beyond checking the extension. So I can add ".png" to any file and send it.
Is there a way to validate images more thoroughly in frontend before sending?
Is there a way to validate images more thoroughly in the backend?
What's the most secure way to do this?