I'm a Senior DevOps Architect and publish most of my projects as open source. I have a wife, a son and a real life in Hamm, Germany. In my part-time I enjoy making games, music and acting. (He/him)
That is pretty awesome. Thanks. I'm thinking about possible security implications of this. Just like when PDFs got hacked. But the concept is different here. It would be worse if the file would be in an img tag and the browser would display it and run the JavaScript code.
But we want to execute it anyway. Our solution here is to just not tell the browser that it's an image. For that I wrote a small server that serves the image without any header information
That is pretty awesome. Thanks. I'm thinking about possible security implications of this. Just like when PDFs got hacked. But the concept is different here. It would be worse if the file would be in an img tag and the browser would display it and run the JavaScript code.
Exactly
This post is a zero day attack 😂😂😂
But we want to execute it anyway. Our solution here is to just not tell the browser that it's an image. For that I wrote a small server that serves the image without any header information
Its a nice project tho
How is it a zero day attack? The
<img>
tag will never execute its content as javascript, regardless of the response headers.