Disallow data URIs

JimBobSquarePants · JimBobSquarePants · commit 33346090d65e · 2023-02-08T20:50:35.000+10:00
diff --git a/src/ImageSharp.Web/TagHelpers/ImageTagHelper.cs b/src/ImageSharp.Web/TagHelpers/ImageTagHelper.cs
@@ -198,8 +198,9 @@ public override void Process(TagHelperContext context, TagHelperOutput output)
             Guard.NotNull(output, nameof(output));
 
             string src = output.Attributes[SrcAttributeName]?.Value as string ?? this.Src;
-            if (string.IsNullOrWhiteSpace(src))
+            if (string.IsNullOrWhiteSpace(src) || src.StartsWith("data", StringComparison.OrdinalIgnoreCase))
             {
+                base.Process(context, output);
                 return;
             }
 

Original file line number	Diff line number	Diff line change
`@@ -198,8 +198,9 @@ public override void Process(TagHelperContext context, TagHelperOutput output)`
`198`	`198`	`Guard.NotNull(output, nameof(output));`
`199`	`199`
`200`	`200`	`string src = output.Attributes[SrcAttributeName]?.Value as string ?? this.Src;`
`201`		`- if (string.IsNullOrWhiteSpace(src))`
	`201`	`+ if (string.IsNullOrWhiteSpace(src) \|\| src.StartsWith("data", StringComparison.OrdinalIgnoreCase))`
`202`	`202`	`{`
	`203`	`+ base.Process(context, output);`
`203`	`204`	`return;`
`204`	`205`	`}`
`205`	`206`