Support .WEBP file format in .EPUB

[kjk]

Discussed in https://github.com/sumatrapdfreader/sumatrapdf/discussions/3414

^{Originally posted by **stepger** April 2, 2023} I did, using script: - convert all images/pictures - edited mime/extentions - edited paths Pictures shows only when extention of packed book is ".**CBZ**". When ".**EPUB**" i see placeholder "**IMAGE**" Thank you.

[GitHubRulesOK]

Currently WebP is not as at 12 December 2022 recognised as a valid IANA format (STILL DRAFT)! thus like many formats needs enough traction to be classed as common.

ePub3 thus are since 4/12/20 provisionally declaring as a draft format

Resolution 1: EPUB 3.3 will keep the concept of core media types as it is today.

thus its still not a valid ePub format same as no bmp tga nor fax nor oddly tiff certainly no heic !!

from https://www.w3.org/publishing/epub3/epub-spec.html#sec-epub-rs-conf Media Type Content Type Definition Applies to Images image/gif [GIF] GIF Images image/jpeg [JPEG] JPEG Images image/png [PNG] PNG Images image/svg+xml SVG Content Documents [ContentDocs32] SVG documents Audio audio/mpeg [MP3] MP3 audio audio/mp4 [MPEG4-Audio], [MP4] AAC LC audio using MP4 container Video EPUB 3 allows any video codecs to be included without fallbacks, although none are technically considered Core Media Type Resources. Refer to the note in EPUB Publications — Reading System Conformance for informative recommendations on support for video codecs in EPUB Publications. Style text/css CSS Style Sheets [ContentDocs32] CSS Style Sheets. Fonts EPUB 3 allows any font resource to be included without a fallback, as CSS already defines fallback rules for fonts. Refer to EPUB Content Documents for support requirements in EPUB Publications. font/ttf application/font-sfnt [TrueType] TrueType fonts font/otf application/font-sfnt application/vnd.ms-opentype [OpenType] OpenType fonts font/woff application/font-woff [WOFF] WOFF fonts font/woff2 [WOFF2] WOFF2 fonts Other application/xhtml+xml XHTML Content Documents [ContentDocs32] XHTML Content Documents that use the XHTML syntax [HTML]. application/javascript text/javascript [RFC4329] Scripts. application/x-dtbncx+xml [OPF2] The legacy NCX. application/smil+xml [MediaOverlays32] EPUB Media Overlay documents application/pls+xml [PRONUNCIATION-LEXICON] Text-to-Speech (TTS) Pronunciation lexicons

[jarupxx]

The W3C announced EPUB 3.3 on May 25, 2023.https://www.w3.org/TR/epub-33/ Changes included WebP and Opus media formats. Currently a valid ePub format.

[GitHubRulesOK]

hmm the drafts are expired but one of the last comments was

Implementations of this format face security risks such as integer overflows, out-of-bounds reads and writes to both heap and stack, uninitialized data usage, null pointer dereferences, resource (disk, memory) exhaustion and extended resource usage (long running time) as part of the demuxing and decoding process. In particular, implementations reading this format are likely to take input from unknown and possibly unsafe sources -- both clients (e.g., web browsers, email clients) and servers (e.g., applications which accept uploaded images). These may result in arbitrary code execution, information leakage (memory layout and contents) or crashes and thereby allow a device to be compromised or cause a denial of service to an application using the format [cve.mitre.org-libwebp]

"We are aware of this issue being exploited in other products in the wild." So I think the format itself needs to be considered insecure. whilst exploits are nothing new webp is young so unknown how exploitable that may become https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=libwebp