The problem is rather the opposite of the meme. The file format is fine, but there is so little effort into making it happen.
If we were trying then I should be able to upload webp images everywhere. The most egregious is websites that will convert jpg and png uploads to webp but don’t allow webp upload.
webp isn’t fine, it has a ton of vulnerabilities because it’s not a safe file format. It gets to do too much and it’s insecure for that reason. That’s why you can’t upload your own webp but conversion to it is fine
it has a ton of vulnerabilities because it’s not a safe file format
Its a high compression image file, ffs. If someone sends you a 10 mb .webp file, that should be setting off alarm bells right off the bat. Even then, I have to ask what the hell your Windows Viewer app thinks it should be allowed to do with the file shy of rendering it into pixels on the screen.
The problem is rather the opposite of the meme. The file format is fine, but there is so little effort into making it happen.
If we were trying then I should be able to upload webp images everywhere. The most egregious is websites that will convert jpg and png uploads to webp but don’t allow webp upload.
webp isn’t fine, it has a ton of vulnerabilities because it’s not a safe file format. It gets to do too much and it’s insecure for that reason. That’s why you can’t upload your own webp but conversion to it is fine
The format is fine. The rate of bugs in image parsing code in general is alarming but that is true of just about all the formats.
Its a high compression image file, ffs. If someone sends you a 10 mb .webp file, that should be setting off alarm bells right off the bat. Even then, I have to ask what the hell your Windows Viewer app thinks it should be allowed to do with the file shy of rendering it into pixels on the screen.
I mean, it sounds like you’re saying, “I don’t know how it can be dangerous, therefore it’s not dangerous.”