ricardian-spec

Remove images from the spec.

Open nsjames opened this issue 5 years ago • 0 comments

Images are known to be vulnerable

Image files should be pre-validated by the wallet/authenticator's team prior to being used. They should go through both mechanical sanitizers as well as human eyes and should be retrieved from key authenticated backends which are fully controlled by the team and not any third parties.

Because of this, adding images to ricardians is a danger to wallets and users which could lead to remote execution and complete loss of funds.

nsjames, May 12 '19 22:05
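
One way a wallet could enforce the policy this issue asks for, as an added example that is not from the issue or the ricardian-spec project: an image is accepted only when it was fetched from an origin the wallet team controls and its SHA-256 digest is on a list of files that already passed review. The origin, the function name `checkImage`, the size cap and the sample bytes are assumptions constructed for illustration.

```javascript
// Added example: wallet-side gate for images referenced by a Ricardian contract.
// Hosts, names, limits and sample bytes are constructed for illustration.
const { createHash } = require('crypto');

// Assumption: the only backend the wallet team fully controls.
const TRUSTED_ORIGINS = new Set(['https://assets.wallet.example']);
const MAX_BYTES = 64 * 1024; // assumed cap for an icon
const PNG_MAGIC = Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]);

const sha256 = (buf) => createHash('sha256').update(buf).digest('hex');

// Constructed stand-in for a file that passed the sanitizers and human review.
const REVIEWED_IMAGE = Buffer.concat([PNG_MAGIC, Buffer.from('constructed-sample')]);
// Digests of reviewed files ship with the wallet; they are never taken from
// the contract, so a contract author cannot vouch for their own image.
const REVIEWED_DIGESTS = new Set([sha256(REVIEWED_IMAGE)]);

const reject = (reason) => ({ ok: false, reason });

// url: where the bytes were fetched from; bytes: Buffer holding the response body.
function checkImage(url, bytes) {
  let parsed;
  try {
    parsed = new URL(url);
  } catch {
    return reject('unparseable URL');
  }
  // origin covers scheme, host and port, so http:// and look-alike hosts fail.
  if (!TRUSTED_ORIGINS.has(parsed.origin)) return reject('untrusted origin');
  if (!Buffer.isBuffer(bytes) || bytes.length > MAX_BYTES) return reject('bad size or type');
  if (!bytes.subarray(0, PNG_MAGIC.length).equals(PNG_MAGIC)) return reject('not a PNG');
  if (!REVIEWED_DIGESTS.has(sha256(bytes))) return reject('not a reviewed image');
  return { ok: true, reason: 'reviewed image from trusted backend' };
}
```

Every path other than the final return rejects, so an image that is merely well-formed but was never reviewed is not rendered.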