
Strip image metadata to save space and add security

Open mlissner opened this issue 5 years ago • 2 comments

I run a small static site that has imgbot enabled. Love it!

Recently, we got a vulnerability report that we aren't stripping metadata from the images we post on the site. So far, nothing too nasty has slipped through, but since it's a static site, it'd be nice if imgbot did some metadata stripping. I know this wouldn't be a perfect solution except in private git repos, but it'd still be an improvement, since most people aren't going to spelunk into git history to find images with metadata on them.

This would also help with filesize, though perhaps not too much.

Is this something imgbot might consider doing?

mlissner avatar Dec 11 '20 21:12 mlissner

Hi @mlissner 👋 👋

Can you share a little more info here? Do you have an example image or what specific metadata still exists on your image after compression?

dabutvin avatar Mar 10 '21 21:03 dabutvin

Good to hear from you, @dabutvin. The photo here is a good example: https://free.law/images/hughes.jpeg

If you paste that link into this website, it shows you a lot of metadata that's still on it (CTRL+F for "gimp"):

http://exif.regex.info/exif.cgi

mlissner avatar Mar 11 '21 18:03 mlissner
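
To run the same kind of check locally, before an image is committed, here is an added example (not part of the original thread and not Imgbot's code) that walks a JPEG's header segments and drops the ones carrying metadata. The keep/drop policy, the function names and the sample bytes are assumptions made for the illustration.

```python
import struct

# Example policy: drop COM and every APPn segment (EXIF/XMP in APP1, IPTC in
# APP13, ...) except APP0 (JFIF), APP2 (ICC profile) and APP14 (Adobe).
DROP = ({0xFE} | set(range(0xE0, 0xF0))) - {0xE0, 0xE2, 0xEE}
SOS, EOI = 0xDA, 0xD9

def segments(data):
    """Yield (marker, start, end) for each header segment up to and including SOS."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:            # fill byte before the real marker
            pos += 1
            continue
        if marker == EOI:             # no length field; nothing left to walk
            return
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        end = pos + 2 + length
        if length < 2 or end > len(data):
            raise ValueError(f"bad segment length at offset {pos}")
        yield marker, pos, end
        if marker == SOS:             # entropy-coded image data follows
            return
        pos = end

def strip_metadata(data):
    """Return (clean_bytes, removed); removed lists (marker, size) of dropped segments."""
    out, removed, pos = bytearray(b"\xff\xd8"), [], 2
    for marker, start, end in segments(data):
        if marker in DROP:
            removed.append((f"0xFF{marker:02X}", end - start))
        else:
            out += data[start:end]
        pos = end
    out += data[pos:]                 # scan data and EOI are copied unchanged
    return bytes(out), removed

def seg(marker, payload):             # helper for building the constructed sample
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed sample: JPEG-structured bytes, not a decodable picture.
SAMPLE = (b"\xff\xd8" + seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
          + seg(0xE1, b"Exif\x00\x00constructed: GIMP") + seg(0xFE, b"made with GIMP")
          + seg(0xDB, bytes(65)) + seg(SOS, b"\x01\x01\x00\x00\x3f\x00")
          + b"\x12\x34\xff\x00\x56\xff\xd9")
```

Calling `strip_metadata(SAMPLE)` returns the cleaned bytes plus a list of the dropped segments, which a pre-commit or CI step can use to fail the build or rewrite the file.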

I think #1244 is a dup of this

cooljeanius avatar Sep 24 '23 20:09 cooljeanius

Closing as a dup.

mlissner avatar Sep 24 '23 22:09 mlissner