Skip to content

Constrain image source schemes and reconcile out-of-hash dispositions#80

Merged
gvonnessi merged 1 commit into
mainfrom
cleanup-advisory-followups
Jun 29, 2026
Merged

Constrain image source schemes and reconcile out-of-hash dispositions#80
gvonnessi merged 1 commit into
mainfrom
cleanup-advisory-followups

Conversation

@gvonnessi

Copy link
Copy Markdown
Collaborator

Summary

Three consistency fixes drawn from earlier review notes (none move a document id or a manifest projection):

  • Image/SVG source schemes. Core image.src and svg.src were unconstrained strings; they now use the shared safeImageUri allowlist (the same constraint already on linkMark.href, author.avatar, etc.). Relative asset paths, https, and data: raster images stay valid; javascript:, data:text, and data:image/svg+xml are rejected. An SVG file's rendered content remains subject to the sanitize-all-SVG rule (Renderer Safety §3.1). +2 closure vectors.
  • Out-of-hash "missing part" disposition. The State Machine §5.4 row that treated a missing presentation or provenance part identically is split by the §5.4.2 integrity-binding axis: a part bound by the document hash or manifest projection (presentation) stays INTEGRITY-ERROR on a frozen document, while a part outside both (provenance) → WARNING — consistent with that axis and with Security §9.8 (provenance is path-only, unbound).
  • Phantom internal-graph dispositions. Clarified (phantoms §4.7/§4.3 + a State Machine §5.4.3 state-invariant bullet) that a broken phantom connection target or duplicate phantom id is a layer-load disposition, not a document INTEGRITY-ERROR — the phantom layer is outside the hash and bound by no signature, so such a defect never changes the document id or invalidates a signature.

Test plan

  • image.src/svg.src closure vectors (safe src accepted, javascript: rejected); seed-and-revert: a javascript: src in a real example fails validate:examples on the safe-image pattern.
  • check:document-id (11/11) and check:manifest-projection (2/2) unmoved — validation + prose only.
  • check:refs resolves the new "Security Extension §9.8" / "State Machine §5.4.3" cross-references.
  • All 19 gates green from a clean npm ci (verified by exit code); tsc --noEmit clean; npm audit 0 high.

Three consistency fixes drawn from earlier review notes:

- Constrain core image and svg `src` to the shared safe-image URI
  allowlist, the same constraint already applied to other author-controlled
  URI fields. Relative asset paths, https, and data: raster images remain
  valid; javascript:, data:text, and data:image/svg+xml are rejected. An
  svg file's rendered content remains subject to the sanitize-all-SVG rule.

- Split the State Machine's "missing referenced part" disposition by the
  integrity-binding axis. A part bound by the document hash or the manifest
  projection (a declared presentation layer) remains an integrity error on
  a frozen or published document, but a part outside both — the provenance
  record — degrades to a warning, consistent with that axis and with the
  security extension's negative-coverage statement that provenance carries
  no hash and is not bound.

- Clarify that a defect in the internal graph of an out-of-hash layer — a
  broken phantom connection target or a duplicate phantom id — is a
  layer-load disposition, not a document integrity error: because the
  phantom layer is outside the hash and bound by no signature, such a
  defect never changes the document id or invalidates a signature.

Validation and prose only; no document id or manifest projection moves.
@gvonnessi gvonnessi merged commit 99c101f into main Jun 29, 2026
2 checks passed
@gvonnessi gvonnessi deleted the cleanup-advisory-followups branch June 29, 2026 23:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant