Constrain image source schemes and reconcile out-of-hash dispositions#80
Merged
Conversation
Three consistency fixes drawn from earlier review notes: - Constrain core image and svg `src` to the shared safe-image URI allowlist, the same constraint already applied to other author-controlled URI fields. Relative asset paths, https, and data: raster images remain valid; javascript:, data:text, and data:image/svg+xml are rejected. An svg file's rendered content remains subject to the sanitize-all-SVG rule. - Split the State Machine's "missing referenced part" disposition by the integrity-binding axis. A part bound by the document hash or the manifest projection (a declared presentation layer) remains an integrity error on a frozen or published document, but a part outside both — the provenance record — degrades to a warning, consistent with that axis and with the security extension's negative-coverage statement that provenance carries no hash and is not bound. - Clarify that a defect in the internal graph of an out-of-hash layer — a broken phantom connection target or a duplicate phantom id — is a layer-load disposition, not a document integrity error: because the phantom layer is outside the hash and bound by no signature, such a defect never changes the document id or invalidates a signature. Validation and prose only; no document id or manifest projection moves.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Three consistency fixes drawn from earlier review notes (none move a document id or a manifest projection):
image.srcandsvg.srcwere unconstrained strings; they now use the sharedsafeImageUriallowlist (the same constraint already onlinkMark.href,author.avatar, etc.). Relative asset paths,https, anddata:raster images stay valid;javascript:,data:text, anddata:image/svg+xmlare rejected. An SVG file's rendered content remains subject to the sanitize-all-SVG rule (Renderer Safety §3.1). +2 closure vectors.presentationorprovenancepart identically is split by the §5.4.2 integrity-binding axis: a part bound by the document hash or manifest projection (presentation) stays INTEGRITY-ERROR on a frozen document, while a part outside both (provenance) → WARNING — consistent with that axis and with Security §9.8 (provenance is path-only, unbound).connectiontarget or duplicate phantom id is a layer-load disposition, not a document INTEGRITY-ERROR — the phantom layer is outside the hash and bound by no signature, so such a defect never changes the document id or invalidates a signature.Test plan
image.src/svg.srcclosure vectors (safe src accepted,javascript:rejected); seed-and-revert: ajavascript:src in a real example failsvalidate:exampleson the safe-image pattern.check:document-id(11/11) andcheck:manifest-projection(2/2) unmoved — validation + prose only.check:refsresolves the new "Security Extension §9.8" / "State Machine §5.4.3" cross-references.npm ci(verified by exit code);tsc --noEmitclean;npm audit0 high.