…to improve security
Pull request overview
This PR replaces the base64-img package with native Node.js file reading and base64 encoding to improve security, addressing issue #447.
Changes:
- Removed the base64-img dependency from package.json
- Implemented native base64 encoding using Node.js fs and Buffer APIs in the build script
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| package.json | Removed the base64-img dependency |
| build/release/package.js | Replaced base64-img.base64Sync() with native file reading and base64 encoding, including MIME type detection |
| case '.svg': return 'image/svg+xml'; | ||
| case '.gif': return 'image/gif'; | ||
| case '.webp': return 'image/webp'; | ||
| default: return 'application/octet-stream'; |
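Review bot: the case labels in this switch ('.svg', '.gif', '.webp') are lowercase literals, and the hunk does not show whether the extension is lowercased before it is compared. If it is not, a file with an uppercase extension falls through to the default branch and is labelled 'application/octet-stream'. Normalising the extension with toLowerCase() before the switch avoids that.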
The fallback MIME type 'application/octet-stream' for unsupported image formats may cause issues with CSS url() declarations. Consider either throwing an error for unsupported formats or logging a warning to alert developers when an unexpected file type is encountered.
| default: return 'application/octet-stream'; | |
| default: | |
| console.warn(`[package] Unsupported image format '${ext}' for file '${url}'. Falling back to 'application/octet-stream'.`); | |
| return 'application/octet-stream'; |
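Review bot: the suggested default branch still returns 'application/octet-stream' after the console.warn, so the file is embedded exactly as before and only the build log changes. The message already has ext and url in hand, so throwing an Error with the same text would stop the packaging run on an unexpected file type instead of depending on someone reading the warning.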
…h.template PR IGNF/geopf-extensions-openlayers#488 on the geopf extensions for ol side
IGNF/cartes.gouv.fr-entree-carto#962 --> To test on the entrée carto side. OK for me, I didn't see anything broken.
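The native replacement for base64-img summarised in the review overview, as an added example that is not the code from this pull request: it builds the data URI with fs and Buffer and treats the extension map as an allowlist that throws, the stricter of the two options raised in the review. The names mimeFor, toDataUri and demo, and the .png/.jpg/.jpeg entries, are assumptions.

```javascript
// Added example (not the project's code): inline an image as a data URI
// using only Node's fs and Buffer. Names and the allowlist are assumptions.
const fs = require('fs');
const os = require('os');
const path = require('path');

// Extensions the build agrees to embed in CSS (assumed set).
const MIME_BY_EXT = {
  '.png': 'image/png',
  '.jpg': 'image/jpeg',
  '.jpeg': 'image/jpeg',
  '.svg': 'image/svg+xml',
  '.gif': 'image/gif',
  '.webp': 'image/webp',
};

function mimeFor(file) {
  // Lowercase first so '.SVG' and '.svg' resolve to the same type.
  const ext = path.extname(file).toLowerCase();
  const mime = MIME_BY_EXT[ext];
  if (!mime) {
    // Fail the build rather than ship an unknown file as octet-stream.
    throw new Error(`Unsupported image format '${ext}' for file '${file}'`);
  }
  return mime;
}

function toDataUri(file) {
  const mime = mimeFor(file);          // reject before touching the disk
  const data = fs.readFileSync(file);  // Buffer holding the raw bytes
  return `data:${mime};base64,${data.toString('base64')}`;
}

// Constructed sample: a 6-byte GIF header written to a temp directory.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'datauri-'));
  const file = path.join(dir, 'pixel.GIF');
  fs.writeFileSync(file, Buffer.from('GIF89a', 'latin1'));
  try {
    return toDataUri(file);
  } finally {
    fs.rmSync(dir, { recursive: true, force: true });
  }
}

console.log(demo());
```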
Replace base64-img with native reading/encoding to improve security
cf. issue #447
The base64 encoding is performed with the command:
npm run publish
It converts the images to base64 in the CSS.
How to test?