On 05/27/2014 09:05 PM, C. Scott Ananian wrote:
I agree that a simple whitelist might be workable, but it does depend on a bit of code auditing of librsvg to ensure that it can be done robustly.
That works to protect the image scalers, if correct, but it does nothing to protect the clients, would it?
-- Marc