Comments (9)
I'd like to add that this issue only occurs if the image is being fetched from CDN's which do not set CORS headers for their resources, since we do sanitization after running into CORS policy error
from memos.
I believe the issue may have something to do with this canvas.toDataUrl()
.
As far as I can understand, when we try to draw a tainted canvas, i.e. using cross-origin images within that canvas, a security error is encountered within safari. The origin-clean
flag is set to false which I guess does not allow canvas.toDataUrl()
to work as intended in later versions of safari. Reference
I have checked with safari v16, but won't be able to test with newer versions since I do not have physical access to a mac.
from memos.
@wzc90 have you tried with other image uri's as well? I just tested on an older version of safari (15.6), and it works there.
UPDATE: It indeed doesn't work as intended on safari, you can actually see the image being rendered perfectly when you click on share, but in the downloaded image there is no error like before, rather the linked img somehow becomes transparent.
I'm not sure what is causing this, but will see what i can do
from memos.
Issue is not in English. It has been translated automatically.
Title: The image cannot be loaded when sharing a note containing an image link as an image.
Describe the bug
When sharing notes using images, if the note contains an image link like ![]()
, the image cannot be loaded in the shared image.
Steps to reproduce
- Write a note containing a
![]()
image link, which is visible to the image - Click to share the note and select the image. The image is still visible. Click the image to download.
- Open the downloaded image and find that the image cannot be loaded.
The version of Memos you're using
0.20.1
Screenshots or additional context
No response
from memos.
@boojack I would like to contribute, but would require some help since I'm not sure how to resolve this. Going through the code, it seems like there is a problem with the sanitization of the image content.
I've tested without the Sanitization code and found that it works fine. Since we are using a third party sanitizer, i think the problem would be resolved if we switch over to something else or implement our own.
Image without sanitization code
from memos.
@YohannKovacs @boojack I found that the bug still exists now when using Safari on MacBook, but on other browsers the bug is fixed!
from memos.
@YohannKovacs That's the problem.
from memos.
@wzc90 Can you check the live demo as well? Surprisingly ,I tested on the live demo and found it to be working.
from memos.
@YohannKovacs Just checked the live demo.It doesn't work for my Safari , the downloaded image was transparent too.
from memos.
Related Issues (20)
- 公开内容增加搜索功能和标签展示 HOT 2
- deploy memos not use docker in windows10 HOT 4
- 手机版web页面 分享链接bug HOT 2
- CORS error HOT 2
- 反向代理访问不了 HOT 2
- Public memo/comment id sharing URL not found HOT 1
- username shows id in update information HOT 1
- referenced memo link leads to 404 HOT 1
- embedding referenced memo result in "Memo not found: memos" HOT 1
- can support link other memos by @ in textbox HOT 1
- 在win10使用docker desktop部署的memos出现数据丢失问题 HOT 12
- 为什么我将docker镜像从0.20.1升级成latest(0.21.0)之后,访问列表和时间线等页面都会加载很久,有时候根本加载不出来 HOT 4
- Github Security Lab Vulnerability Report HOT 1
- 为什么无法直接勾选checkbox HOT 3
- 自定义功能请求,到最新demo V0.21.0未能实现 HOT 1
- 升级0.21.0 docker版本后标签编辑功能没有了 HOT 2
- How to login after turning on "Disable password login"? HOT 2
- The image with the same name will be overwritten HOT 6
- Why after I upgraded the docker image from 0.20.1 to 0.21.0, pages such as the memos list and timeline take a long time to load, and sometimes they cannot be loaded at all. HOT 4
- 希望增加修改创建时间的功能 HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from memos.