© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
> I'm asking, when a data image is passed through to ShouldLoad, what's the url
> that is passed through?
The @src attribute of the image. So the data: URI.
> possible for websites to bypass the url checking at least for REJECT_SERVER,
> no?
That's the content policy's business. If it wants to be checking the source of the load instead of the destination, it can do so, of course.
> And this works per-host even if images are turned off completely
Not for images with no host (as above), which you can't whitelist but which the global "images are turned off" pref catches.