Create account

replied 2347d
It's a security concern. We don't want to load images from a potentially malicious site.
2 / 7 3
550
Sk8eM dUb
replied 2347d
You could just put it in the options tab for which sites you want to auto-load
2
1,000
replied 2347d
You mean like a browser exploit in image? How do you know that imgur can catch those? What about zero-day. Pretty rare phenomenon & many sites show any img. Suppose could be a UI pref.
replied 2347d
There are a number of issues, e.g. SSL. Even if we require https, sites hosting images could have invalid certs.
1
replied 2347d
Tried researching exploits/vulns based on imgs with external sources. Not really finding anything that serious or that hasn't been fixed. Will look into more.
1
1,000
replied 2347d
It doesn't need to be an exploit, preventing broken SSL is enough reason not to do it. Also, external content can be used to track memo users.
2
550
replied 2347d
You can't implement a system to block broken SSL requests from rendering images to display? Not to sound anti-privacy, but there are plenty of other ways to track Memo users already.
Simon Van Gelder
replied 2347d
My test vector was spoofing the return header and sending back something that's not an image.


About Privacy Terms Stats