larocquedylan / web-exif-parsing

Research project testing the limits of parsing EXIF data in the browser
https://web-exif-parsing.vercel.app

Security concerns #9

Open larocquedylan opened 10 months ago

larocquedylan commented 10 months ago

How should I handle file sizes? I don't want my form to be corrupted.

Validate user inputs.

larocquedylan commented 10 months ago

Perhaps restrict the type of files allowed too.

Chrome doesn't support HEIC. I am using Exifr, this only supports jpg and png. So perhaps restrict these to the type of files one can use? Not the best UX though.

Some thoughts:

  1. valid file type
  2. file size limits
  3. ensure my program treats metadata as data, not execute any code
  4. sanitize the metadata
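The four items above map onto two small functions. The following is an added example, not code from this repository: `validateUpload` covers items 1 and 2 by sniffing the file's leading bytes (rather than trusting the client-controlled `File.type` or extension) and enforcing a size cap, and `sanitizeMetadata` covers items 3 and 4 by flattening whatever the parser returns into bounded plain strings that are only ever rendered through `textContent`. The size and length limits, the accepted types, and the `renderMetadata` helper are assumptions for illustration; Exifr itself is not called here so the block runs offline.

```javascript
// Added example, not the project's own code. Browser-side checks for a
// user-supplied image before it is handed to an EXIF parser such as Exifr.
// All limits below are assumed values chosen for illustration.

const MAX_FILE_BYTES = 10 * 1024 * 1024; // assumed 10 MiB cap per upload
const MAX_FIELD_CHARS = 256;             // assumed cap per rendered metadata string

// Magic-byte signatures for the two formats the page says Exifr supports.
// File.type and the extension are supplied by the client, so sniff bytes instead.
const SIGNATURES = {
  'image/jpeg': [0xff, 0xd8, 0xff],
  'image/png': [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a],
};

function sniffType(headerBytes) {
  for (const [type, sig] of Object.entries(SIGNATURES)) {
    const matches = headerBytes.length >= sig.length &&
      sig.every((b, i) => headerBytes[i] === b);
    if (matches) return type;
  }
  return null;
}

// Items 1 and 2: check the declared size first (so a huge file is never read
// into memory), then the leading bytes. In the browser, obtain the header with
// `new Uint8Array(await file.slice(0, 8).arrayBuffer())` and pass `file.size`.
function validateUpload(headerBytes, declaredSize) {
  if (!Number.isInteger(declaredSize) || declaredSize <= 0) {
    return { ok: false, reason: 'empty or invalid size' };
  }
  if (declaredSize > MAX_FILE_BYTES) {
    return { ok: false, reason: `file exceeds ${MAX_FILE_BYTES} bytes` };
  }
  const type = sniffType(headerBytes);
  if (type === null) {
    return { ok: false, reason: 'not a JPEG or PNG' };
  }
  return { ok: true, type };
}

// Items 3 and 4: metadata is data. Every value becomes a plain string with
// control characters stripped and length bounded; binary blobs (e.g. maker
// notes) are summarised rather than rendered.
function toSafeString(value) {
  if (value === null || value === undefined) return '';
  if (value instanceof Date) {
    return Number.isNaN(value.getTime()) ? '' : value.toISOString();
  }
  if (ArrayBuffer.isView(value) || value instanceof ArrayBuffer) {
    return `[binary, ${value.byteLength} bytes]`;
  }
  if (Array.isArray(value)) return value.map(toSafeString).join(', ');
  if (typeof value === 'object') return '[object]';
  return String(value)
    .replace(/[\u0000-\u001F\u007F]/g, '')
    .slice(0, MAX_FIELD_CHARS);
}

function sanitizeMetadata(parsed) {
  const out = {};
  for (const [key, value] of Object.entries(parsed || {})) {
    out[toSafeString(key).slice(0, 64)] = toSafeString(value);
  }
  return out;
}

// Browser-only helper (assumed). Values go through textContent, never
// innerHTML, so a crafted tag string is displayed as text, not interpreted.
function renderMetadata(container, meta) {
  container.replaceChildren();
  for (const [key, value] of Object.entries(meta)) {
    const row = document.createElement('div');
    const k = document.createElement('strong');
    k.textContent = key;
    const v = document.createElement('span');
    v.textContent = ` ${value}`;
    row.append(k, v);
    container.append(row);
  }
}
```

Usage in the page's flow would be: `const check = validateUpload(header, file.size)`, and only when `check.ok` call `exifr.parse(file)` and then `renderMetadata(target, sanitizeMetadata(result))`. Because the parser output is flattened to strings before it reaches the DOM, nothing in the EXIF payload can reach `innerHTML`, `eval` or a URL, which is what "treat metadata as data" amounts to on the client.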
larocquedylan commented 10 months ago

Pushed some updates today to the valid file type and file size limits.

To do

Not a major priority at the moment, but worth a look at some point.