BoarAvoir [they/them]

  • 2 Posts
  • 10 Comments
Joined 2 years ago
cake
Cake day: December 29th, 2022

help-circle



  • As others have mentioned, that was implemented in a hurry due to tightening up security and safety around embedded images. I’ve brought it up to the devs to hopefully rectify, as if an instance is trustworthy enough to federate with (aka, not actively malicious) then it is probably safe to show their embeds (behind a blur).

    At the latest, this restriction will go away when lemmy upgrades to pictrs 0.5 which will support proxying image requests, but unless there are objections from the rest of the team we will likely add all federated instances to the image allowlist before then.







  • Yes, you are on the right track.

    What actually happened is, for the migration back to upstream lemmy, our devs developed and contributed the custom emoji feature, so that we could keep them, but since we were uploading them through the UI not baking them into the app when it was built as static assets, they had to go into pictrs (the image backend), which doesn’t support SVGs yet. So as part of our migration we converted all SVG emotes back to PNG (apparently at a pretty substantial resolution).

    They render correctly on our side because the UI recognizes that they are a local custom emoji and applies different CSS than we do for other embedded images, but as currently written, there is no simple way to differentiate a federated emoji from any other embedded image, so when federated, our emoji get rendered as just any image, at whatever size the file is. We will likely contribute a fix for this upstream, though resizing all of our emotes to a consistent size would also do the trick, and may be undertaken as a stopgap in the mean time.