On 05/27/2014 09:05 PM, C. Scott Ananian wrote:
I agree that a simple whitelist might be workable, but
it does depend
on a bit of code auditing of librsvg to ensure that it can be done
robustly.
That works to protect the image scalers, if correct, but it does nothing
to protect the clients, would it?
-- Marc