ubuntu-appstore-developers team mailing list archive

Thread
Date

Re: Minimizing icon and screenshot transfer size

To: Łukasz Czyżykowski <lukasz.czyzykowski@xxxxxxxxxxxxx>
From: Jonas Drange <jonas.drange@xxxxxxxxxxxxx>
Date: Fri, 25 Apr 2014 08:57:10 +0200
Cc: Thomas Strehl <thomas.strehl@xxxxxxxxxxxxx>, Ubuntu Appstore Developers <ubuntu-appstore-developers@xxxxxxxxxxxxxxxxxxx>, Pawel Stolowski <pawel.stolowski@xxxxxxxxxxxxx>, Ted Gould <ted@xxxxxxxxxx>, Michał Sawicz <michal.sawicz@xxxxxxxxxxxxx>, Rodney Dawes <rodney.dawes@xxxxxxxxxxxxx>, Michal Hruby <michal.hruby@xxxxxxxxxxxxx>, "Alejandro J. Cura" <alejandro.cura@xxxxxxxxxxxxx>
In-reply-to: <CAP_WfQO-0Ek5cAKFaGj6FdrMGuYraHemV5yUESesKVuu04dZ-A@mail.gmail.com>

On Wed, Apr 23, 2014 at 12:05 PM, Łukasz Czyżykowski <
lukasz.czyzykowski@xxxxxxxxxxxxx> wrote:

> Because of security risk devportal currently allows uploading of SVG
> icons, but renders them on the server and only saves resulting PNG, which
> is later served to clients.
>
> Cheers
>

Would not serving the SVGs from a different domain mitigate this? In that
case, if JS did go through our filters, the JS would not have access to
cookies, DOM, etc in devportal.

References

Minimizing icon and screenshot transfer size
From: Alejandro J. Cura, 2014-04-21
Re: Minimizing icon and screenshot transfer size
From: Martin Albisetti, 2014-04-22
Re: Minimizing icon and screenshot transfer size
From: Rodney Dawes, 2014-04-22
Re: Minimizing icon and screenshot transfer size
From: Michał Sawicz, 2014-04-22
Re: Minimizing icon and screenshot transfer size
From: Alejandro J. Cura, 2014-04-22
Re: Minimizing icon and screenshot transfer size
From: Rodney Dawes, 2014-04-22
Re: Minimizing icon and screenshot transfer size
From: Jonas Drange, 2014-04-22
Re: Minimizing icon and screenshot transfer size
From: Rodney Dawes, 2014-04-22
Re: Minimizing icon and screenshot transfer size
From: Ted Gould, 2014-04-22
Re: Minimizing icon and screenshot transfer size
From: Łukasz Czyżykowski, 2014-04-23