-
-
Notifications
You must be signed in to change notification settings - Fork 3.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow pasting an image with data URL scheme in src, if strict CSP rules are defined #8707
Conversation
resolve( file ); | ||
} ) | ||
.catch( reject ); | ||
export function createImageFile( image ) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Minor breaking change –> should be added to the merge commit message.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There is no longer a minor breaking change in this PR, because the original fetchLocalImage()
public helper is unchanged.
canvas.toBlob( | ||
blob => blob ? resolve( blob ) : reject(), | ||
getImageMimeType( imageSrc ), | ||
1 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure if we should not use a default value for qualityArgument
- it's 0.92 for jpeg. What do you think @Reinmar ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have no idea what it affects. I don't know the context of this code. Could you try to explain the context and pros/cons of both approaches?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The current implementation is just fetching the image from data:
URL so its quality remains the same as the pasted image, but in this PR we are using Canvas
to draw the image and then toBlob
is used to generate jpeg (or other image formats). While converting to jpeg, the image data is compressed. By default, toBlob
is using 0.92 compression ratio so it affects the size of the generated blob but also the quality of the image. The question is whether we should let the browser to use the default quality or we should try to keep the best quality possible (the hardcoded 1
in the code above).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Still, pros/cons of both options are not 100% clear for me. E.g. I can only guess that using 1
will increase network traffic. Am I right?
Also, if we'll use 0.92
will it work execatly like it worked before? Or will like... compress again something that was already compressed adding another level of data loss to what's already a compressed thing?
Again, this requires analysis from you guys and explaining to me what does it actually do. Consider me dumb as a chair's leg for the purpose of this review ;)
Ok, as the discussion in #8707 (comment) seems to be more product specific and not the code itself I'm extracting it here: The current implementation is just fetching the image binary data that was provided from the clipboard (compressed image) and uploads it to the server (without any change). In this PR this is changed, the image is no longer fetched, it's now loaded as a standard image element, then it's drawn onto an internal canvas element, so the image is decompressed to the pixels data, and then it's compressed to the same file format. So the original image is once again compressed and if it was using lossy compression, then another round of compression is increasing losses of the quality of the image. During recompression of the pixel data to the image that will be uploaded to the server, we can specify the quality argument, a number between And here comes the question - what compression ratio should we use to recompress the image:
Currently, the image binary data is passed to the server without any changes, after the change it would recompress the original image. |
Maybe changes from this PR should be provided as a fallback to the original code? I see 2 options:
|
That'd make sense. Both options ( |
In next days I'll try to change my solution with canvas to a fallback procedure, which will be called in case |
I've re-worked the whole solution. The original behaviour with
|
I also don't like the error logged in the console. I was thinking about how could we avoid it. I can see two options:
|
I've tested this PR and it is working on manual tests. I did not find any regression. When copying and pasting some content with an images console returns error for each image: utils.js:43
Refused to connect to 'data:image/jpeg;base64,/9j/4AA.....ChQo6RH//Z' because it violates the document's Content Security Policy. but image is added and editor is still working correctly. |
What do you think about such a configuration option? |
Just to be sure – if someone has strict CSP rules, how often will they see the error? Is this for all content coming from Word or in specific cases only? |
AFAIK every content pasted from Word that contains an image will trigger that error. |
So it seems that the option would be justified. Alternatively, we can release this fix without the option and see if anyone complains. There's a high chance no one will, as long as it works. |
canvas.toBlob( blob => blob ? resolve( blob ) : reject() ); | ||
} ); | ||
|
||
image.addEventListener( 'error', reject ); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This line triggers an alert with [object Event]
in it, maybe we could replace this line with image.addEventListener( 'error', () => reject() );
to ignore those errors?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, good hint 👍🏻
Suggested merge commit message (convention)
Fix (image): Allow pasting an image with data URL scheme in src, if strict CSP rules are defined. Closes #7957.