Render all file types that render-media can handle #189
No reviewers
Labels
No labels
accessibility
app-parity
area: creator
area: daemon
area: design
area: devops
area: discovery
area: docs
area: installer
area: internal
area: livestream
area: performance
area: proposal
area: reposts
area: rewards
area: search
area: security
area: subscriptions
area: sync
area: ux
area: viewer
area: wallet
BEAMER
channel
comments
community PR
consider soon
core team
css
dependencies
electron
Epic
feature request
first-timers-only
good first issue
hacktoberfest
help wanted
hub-dependent
icebox
Invalid
level: 0
level: 1
level: 2
level: 3
level: 4
merge when green
needs: exploration
needs: grooming
needs: priority
needs: repro
needs: tech design
notifications
odysee
on hold
playlists
priority: blocker
priority: high
priority: low
priority: medium
protocol dependent
recsys
redesign
regression
resilience
sdk dependent
Tom's Wishlist
trending
type: bug
type: discussion
type: improvement
type: new feature
type: refactor
type: task
type: testing
unplanned
windows
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference: LBRYCommunity/lbry-desktop#189
Loading…
Add table
Reference in a new issue
No description provided.
Delete branch "play-more-file-types"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
I've added all the other types that
render-media
can play @kauffj.It renders documents into an iframe. This could be a security vulnerability. I tried adding some HTML with JS and couldn't get anything to run, but looking at the
render-media
source, it seems that it does allow scripts somehow https://github.com/feross/render-media/blob/master/index.js#L282.Would the scripts would still be sandboxed from accessing the daemon because they're in an iframe?
I think so but not 100% certain. We would need to try some malicious files.
Seems to be ok @kauffj. It's not possible to access the parent in any way.
Is all of the class checking correct here? I may not understand the conditions properly, but seems like you could end up with repeated classes and/or classes stacked without a space.