
This isn’t one of those. Handing large amounts of unvalidated user input to these libraries is particularly dangerous.



To be fair, most everything under the hood passes through to these libraries. So even sticking with Python means passing unvalidated blobs through to libpng/jpeg/tiff or some other low-level language.

It's the entire reason Python is generally fast enough; anything that's slow generally uses a C lib under the hood anyway.


Where is the assumption coming from that it hasn't been validated?


Unvalidated user input? What are you talking about? This is about image resizing. Your buzzwords make no sense.


Yes, and images are user input in this case.
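What validating an uploaded image before it reaches a native decoder can look like, as an added example that is not code from any commenter in this thread: a pure-Python pre-check of a PNG's signature and IHDR chunk that rejects oversized or malformed headers before libpng or a resizer sees the bytes. The size limits and the names `precheck_png` and `make_png_header` are assumptions chosen for illustration.

```python
import struct
import zlib

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
MAX_BYTES = 5 * 1024 * 1024   # assumed upload cap
MAX_PIXELS = 20_000_000       # assumed decode budget (width * height)
# colour type -> bit depths the PNG specification allows for it
ALLOWED_DEPTHS = {0: {1, 2, 4, 8, 16}, 2: {8, 16}, 3: {1, 2, 4, 8},
                  4: {8, 16}, 6: {8, 16}}


def precheck_png(blob: bytes) -> tuple[int, int]:
    """Return (width, height) if the PNG header is sane, else raise ValueError."""
    if len(blob) > MAX_BYTES:
        raise ValueError("file too large")
    if len(blob) < 33 or not blob.startswith(PNG_MAGIC):
        raise ValueError("not a PNG")
    length, ctype = struct.unpack(">I4s", blob[8:16])
    if ctype != b"IHDR" or length != 13:
        raise ValueError("first chunk must be a 13-byte IHDR")
    ihdr = blob[16:29]
    (crc,) = struct.unpack(">I", blob[29:33])
    if zlib.crc32(b"IHDR" + ihdr) != crc:  # CRC covers chunk type + data
        raise ValueError("IHDR CRC mismatch")
    width, height, depth, colour, comp, filt, interlace = struct.unpack(
        ">IIBBBBB", ihdr)
    if not (0 < width <= 0x7FFFFFFF and 0 < height <= 0x7FFFFFFF):
        raise ValueError("invalid dimensions")
    if width * height > MAX_PIXELS:  # bound the decoder's allocation up front
        raise ValueError("pixel budget exceeded")
    if depth not in ALLOWED_DEPTHS.get(colour, ()):
        raise ValueError("invalid colour type / bit depth")
    if comp != 0 or filt != 0 or interlace not in (0, 1):
        raise ValueError("invalid compression, filter or interlace method")
    return width, height


def make_png_header(width: int, height: int) -> bytes:
    """Constructed sample input: signature plus IHDR only (8-bit RGBA)."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 6, 0, 0, 0)
    crc = zlib.crc32(b"IHDR" + ihdr)
    return (PNG_MAGIC + struct.pack(">I", 13) + b"IHDR" + ihdr
            + struct.pack(">I", crc))
```

A header pre-check like this bounds what the decoder is asked to allocate, but the remaining chunks are still parsed by the native library, so it complements rather than replaces keeping that library patched and isolated.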



