nkprasad12 / dnd

Web application for TTRPGs.
MIT License

Validate and resolve image paths on the server #68

Closed nkprasad12 closed 3 years ago

nkprasad12 commented 3 years ago

Not a big deal now but a malicious client could easily make everyone fetch arbitrary blobs with the current setup by changing an imageSource

nkprasad12 commented 3 years ago

This is resolved. Images are saved as:

server@/retrieve_image/[image name]

and resolved on the client side as

serverOrigin/retrieve_image/[image name]

so changing the image address will only make other clients try to retrieve an image that doesn't exist.