Image links are broken for markdown files #31747
Comments
Legend-Master
added
Issue-Bug
|
We do this for security reasons. However the user should be informed of this like in the Previewer.
|
|
We should add an information about the disabled JavaScript when previewing HTML files too. Because the html file might behave broken without JavaScript. |
|
Is it possible to just allow local images and videos? This alone shouldn't cause any security problems I think |
I would like to disagree. The security concern for other local images is not really there, but imagine the following scenario:
That's why I don't think enabling this would be a good idea. |
|
A remote resource would be a problem, so I asked if allowing just the local images would be possible, as a lot of readme files contain path reference images If we we can't separate local resources from the remote ones, I agree disable this entirely would be the right choice |
|
Would be great if a way to fix this was found. Maybe you can try sending the request to get the image/video data through the default browser (like Chrome)? That way the security of it is handled by Chrome and the previewer gets to show the media. |
|
If the images linked using markdown are local and not remote images, what's the security concern? Local GIF, PNG, JPG, AVIF, and WEBP cannot make remote calls when opened, as far as I know. Maybe with local SVG links, this might be considered a security issue. Please address this issue. The entire point of the peek/preview is that we'd like to avoid opening the files in other applications. |
Microsoft PowerToys version
0.79.0
Installation method
GitHub
Running as admin
Yes
Area(s) with issue?
Peek
Steps to reproduce
Use Peek to open a markdown file that contains an image
✔️ Expected Behavior
Chromium (local links)
Visual Studio Code (remote links)
❌ Actual Behavior
Chromium (local links)
Visual Studio Code (remote links)
Other Software
No response
The text was updated successfully, but these errors were encountered: