well if it was working for you, you would have see a color swatch of unique colors. Given this is running in wasm via a rust app I'm not sure about browser compatibility. Give it a try on maybe a desktop? or possibility try again as I pushed a bug just two moments ago and maybe thats why. Github.io takes a moment to update
Edit: I tried on my phone via firefox and it worked so maybe try again.
Given its a wasm app running client side completely from static assets, I'm not worried at all. Do you know of any risk in terms of attack vectors? I guess maybe someone could exploit the client by some other means and then take advantage of the export in some manner the could end up getting the client to download an "image" with embed script. That's also just conjecture I have no clue.
tldr: its possible for images to not really be images. Whenever you are getting user input, its usually best practice to always validate it "server side", in this case, the rust code, which is compiled machine code. An attacker could possibly upload a malicious "image" and if there are rust functions that operate on that data blindly, it could lead to a pwnage (ex. access to memory outside the browser/colorizer program)
10 comments
[ 4.8 ms ] story [ 38.9 ms ] threadEdit: I tried on my phone via firefox and it worked so maybe try again.
tldr: its possible for images to not really be images. Whenever you are getting user input, its usually best practice to always validate it "server side", in this case, the rust code, which is compiled machine code. An attacker could possibly upload a malicious "image" and if there are rust functions that operate on that data blindly, it could lead to a pwnage (ex. access to memory outside the browser/colorizer program)