Jon Sneyers
Jon Sneyers
Looks interesting! The license does not seem to be a problem. The license of the runtime/libraries is what is important, and that is licensed as GPLv2+, which means you can...
Yes, though you could provide both an emscripten and a cheerp version, in case someone needs LGPL. Also, if someone would need an LGPL poly-flif+cheerp, I suppose they could ask...
When I try it with the current version of libheif from the master branch and with the default libaom 1.0.0 from my Ubuntu distribution, all AVIF images including this one...
+1 on this feature request. Provided the application handles getting/setting the animation/frame info chunks, this would mainly require access to a lower level read/write api that can be used both...
If I understand correctly, the main security problem is that secret non-image-data might be exposed cross-origin via side-channel attacks if that non-image-data happens to be misidentified as an image. If...
> > Note that these signatures are all quite short and simple (all should be identifiable using an exact match of 2 to 12 bytes). > > In probably 99%...
From a security perspective, isn't what really counts the number of bytes pulled into the process memory for sniffing purposes? I think the priority should be to reduce that to...
I think that according to the mimesniff spec, clients are supposed to only sniff for image codec signatures in the following scenarios: - there is no Content-type available, or -...
So you can have a ``, and the server can return `Content-type: image/jpeg` where the actual data is a PNG image, and that is supposed to display just fine, but...
This means that new media types can only effectively be introduced once all servers return the correct `Content-type` for them. That is a significant additional adoption hurdle. In many cases,...