loggerhead-breezy

Should show images

Bug #388661 reported by Alexandre Garnier on 2009-06-17

22

This bug affects 3 people

Affects		Status	Importance	Assigned to	Milestone
	loggerhead	Triaged	Wishlist	Unassigned
	loggerhead-breezy	Triaged	Wishlist	Unassigned

Bug Description

Images are binaries displayable by the browser, so loggerhead should show them in :
* revision view with old in red background and new in green background
* annotate view

Revision history for this message

Robert Collins (lifeless) wrote on 2009-06-17: Re: [Bug 388661] [NEW] Should show images

#1

On Wed, 2009-06-17 at 20:46 +0000, Alexandre Garnier wrote:
> Public bug reported:
>
> Images are binaries displayable by the browser, so loggerhead should show them in :
> * revision view with old in red background and new in green background
> * annotate view

Images are likely a huge risk for content-sniffing attacks. The
content-sniffing behaviour analysis done by google and in discussion on
the IETF-HTTP-wg list should be consulted before considering doing this.

-Rob

Revision history for this message

Martin Pool (mbp) wrote on 2009-06-17:

#2

The risk as I understand it is: someone commits an image into a branch
on Launchpad (for example) that actually contains malicious content
that does a cross-site scripting attack that steals the viewer's
Launchpad credentials.

Revision history for this message

Alexandre Garnier (zigarn) wrote on 2009-06-18:

#3

Maybe add an option to deactivate it in sensible environments.
In my case, loggerhead is used at work for private repository without that kind of risk.

Revision history for this message

Martin Pool (mbp) wrote on 2009-06-18: Re: [Bug 388661] Re: Should show images

#4

Yes an option would make sense to me.

As a future feature, loggerhead could have another option to check the
image is valid (eg by calling out to "jpeginfo -c").

Revision history for this message

Michael Hudson-Doyle (mwhudson) wrote on 2009-06-23:

#5

I think a --trust-content flag would be nice.

Changed in loggerhead:
importance:	Undecided → Medium
status:	New → Triaged

Revision history for this message

Max Kanat-Alexander (mkanat) wrote on 2011-01-20:

#6

We don't show them in /annotate/ or /revision/ yet, but they are displayable if you use /raw/ now, on trunk.

Changed in loggerhead:
assignee:	nobody → Max Kanat-Alexander (mkanat)
status:	Triaged → Fix Committed
status:	Fix Committed → Triaged
assignee:	Max Kanat-Alexander (mkanat) → nobody
importance:	Medium → Wishlist

Jelmer Vernooij (jelmer) on 2018-10-20

Changed in loggerhead-breezy:
status:	New → Triaged
importance:	Undecided → Wishlist

Report a bug

This report contains Public information

Everyone can see this information.

Duplicates of this bug

Bug #666508

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.