search

kleisauke / wasm-vips

libvips for the browser and Node.js, compiled to WebAssembly with Emscripten.
https://kleisauke.github.io/wasm-vips/
MIT License
463 stars 25 forks source link

Support blocking untrusted operations #24

Closed atjn closed 1 year ago

atjn commented 1 year ago

Support blocking untrusted and arbitrary operations with vips_block_untrusted_set and vips_operation_block_set:

// Block all untrusted operations
vips.blockUntrusted(true);

// Block all foreign loaders
vips.operationBlock("VipsForeignLoad", true);

// Reenable the jpeg loader
vips.operationBlock("VipsForeignLoadJpeg", true);

Note that it was already possible to use vips_block_untrusted_set before, by setting the module.ENV.VIPS_BLOCK_UNTRUSTED parameter on initialization.

Related: https://github.com/kleisauke/wasm-vips/pull/21#issuecomment-1221549162

atjn commented 1 year ago

I considered integrating this a bit deeper, allowing for things like:

vips.Operation.block(vips.Image.pngsave, true);

vips.Image.jpegsave.block(true);

vips.Image.jpegsave.block(); // returns true
vips.Image.jpegsave.untrusted(); // returns false

But AFAICT it would require a massive amount of work, and I wasn't even sure if it would be desirable, given that it is pretty different from the core libvips API.