Render all file types that render-media can handle #189

Merged
6ea86b96 merged 1 commit from play-more-file-types into master 2017-06-05 17:40:12 +02:00
6ea86b96 commented 2017-06-02 20:37:53 +02:00 (Migrated from github.com)

I've added all the other types that render-media can play @kauffj.

It renders documents into an iframe. This could be a security vulnerability. I tried adding some HTML with JS and couldn't get anything to run, but looking at the render-media source, it seems that it does allow scripts somehow https://github.com/feross/render-media/blob/master/index.js#L282.

filetypes

I've added all the other types that `render-media` can play @kauffj. It renders documents into an iframe. This could be a security vulnerability. I tried adding some HTML with JS and couldn't get anything to run, but looking at the `render-media` source, it seems that it does allow scripts somehow https://github.com/feross/render-media/blob/master/index.js#L282. ![filetypes](https://cloud.githubusercontent.com/assets/20863631/26739602/a163caa8-47fc-11e7-8bc1-ef9a685fd594.gif)
kauffj commented 2017-06-02 20:50:05 +02:00 (Migrated from github.com)

Would the scripts would still be sandboxed from accessing the daemon because they're in an iframe?

Would the scripts would still be sandboxed from accessing the daemon because they're in an iframe?
6ea86b96 commented 2017-06-02 20:52:24 +02:00 (Migrated from github.com)

I think so but not 100% certain. We would need to try some malicious files.

I think so but not 100% certain. We would need to try some malicious files.
6ea86b96 commented 2017-06-03 14:30:05 +02:00 (Migrated from github.com)

Seems to be ok @kauffj. It's not possible to access the parent in any way.

2017-06-03 at 19 28

Seems to be ok @kauffj. It's not possible to access the parent in any way. ![2017-06-03 at 19 28](https://cloud.githubusercontent.com/assets/20863631/26753544/d9c2fd1a-4892-11e7-8535-8dd199f3fdd7.jpg)
kauffj (Migrated from github.com) reviewed 2017-06-04 23:28:31 +02:00
kauffj (Migrated from github.com) commented 2017-06-04 23:28:21 +02:00

Is all of the class checking correct here? I may not understand the conditions properly, but seems like you could end up with repeated classes and/or classes stacked without a space.

Is all of the class checking correct here? I may not understand the conditions properly, but seems like you could end up with repeated classes and/or classes stacked without a space.
Sign in to join this conversation.
No reviewers
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: LBRYCommunity/lbry-desktop#189
No description provided.