Open GoogleCodeExporter opened 9 years ago
The server also drops any schemes that are not http, https, or mailto, in
UriPolicyNanny. Seems simple to add the scheme, but I'm sure some validation
of the data uri is in order as well...maybe not in the scope of this issue
though.
Original comment by doug...@gmail.com
on 9 Oct 2012 at 3:44
Data uris would be very helpful for inline images. Would it help the security
case if they were limited to being used for urls that hint as images? That
would reduce the chance of dangerous content sniffing, I would think.
Original comment by cgoldfe...@google.com
on 22 Jan 2013 at 7:31
http://www.ietf.org/rfc/rfc2397.txt on parsing data uris.
Original comment by jas...@gmail.com
on 22 Jan 2013 at 7:40
I'm trying to find out a way to insert a image in an HTML page through the
Google Apps Script HTML Service using this type of notation.
<a href="http://www.britblog.com/"><img src="data:image/gif;base64,R0lGODlhUAAPAKIAAAsLav///88PD9WqsYmApmZmZtZfYmdakyH5BAQUAP8ALAAAAABQAA8AAAPb
WLrc/jDKSVe4OOvNu/9gqARDSRBHegyGMahqO4R0bQcjIQ8E4BMCQc930JluyGRmdAAcdiigMLVr
ApTYWy5FKM1IQe+Mp+L4rphz+qIOBAUYeCY4p2tGrJZeH9y79mZsawFoaIRxF3JyiYxuHiMGb5KT
kpFvZj4ZbYeCiXaOiKBwnxh4fnt9e3ktgZyHhrChinONs3cFAShFF2JhvCZlG5uchYNun5eedRxM
AF15XEFRXgZWWdciuM8GCmdSQ84lLQfY5R14wDB5Lyon4ubwS7jx9NcV9/j5+g4JADs=
" alt="British Blog Directory" width="80" height="15" /></a>
Using a simple HTML file in the apps script editor, the data image part in it,
isn't considered.
The same happens with a downlodable attachment I want to show with Html Service:
<img src='" + get_icon_src(filename) + "'></img><a href='data:application/octet-stream;base64," + b64body + "' download='" + filename + "'>" + filename + "</a>
Original comment by francesc...@injenia.it
on 1 Sep 2013 at 12:12
Original comment by kpreid@google.com
on 11 Nov 2013 at 7:26
The javascript: URIs may have security concerns, but it seems relatively
straightforward to use data: URIs, particularly for images.
I am trying to make a Google Apps Script add-on that has images requiring
authentication. Inline images would make this work.
Original comment by p...@lucidchart.com
on 17 Dec 2013 at 6:23
Original issue reported on code.google.com by
jas...@gmail.com
on 7 Oct 2012 at 6:57