Adding protections for URLs and thumbnail #60

@Rinse12

I've been thinking about something I've noticed with URL and image providers in the past. When you upload an image, in some cases a malicious image hoster would change what that URL points to after some time. They would redirect it to marketing material or to a page asking users to upgrade to Pro to see the content. Or maybe a malicious user can point to https://personalsite.com/image.png, and then a day after it gets approved in the sub they would change the image URL to troll or marketing material etc.

I think we need to introduce a new field in Plebbit to guard against this. It could be a new field, comment.urlCid, which is the CID of the fully loaded image. This way, clients can verify in real time that the image hasn't been manipulated once it loads.

It also doubles as a peer-to-peer way of sharing images, even though we probably won't use that feature at the moment. But maybe someone in the future will create a client with p2p image and thumbnail fetching, and in that case having the CIDs already there would make it so much easier.

I guess we need to decide whether it is the user or the subplebbit who will download the URL and compute the CID. IMO it should probably be the subplebbit, since the user could maliciously add a CID that points to illegal material or just lie about what CID the URL points to.

The sub won't be providing the image or anything like that, it's merely a calculation of its CID.

I guess we would need another thumbnailUrlCid as well.

Esteban:
yes we should probably add comment.linkCid at some point. the author's client can fetch the image, get its cid (even in the browser apparently, using element and ) and then automatically add it to the comment, similar to how comment.linkWidth is added, that would be done in the hooks

not sure we'd be able to use it to validate the hash in the browser though, you'd have to do the canvas trick for each image you load, it might be slow. it could potentially be used only on the main post image to make sure it hasn't changed. if it's just one image per page, and can be done async, it should be fine. it probably can't validate all images in a feed in real time.
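The check discussed in this thread, as an added example that is not part of the original issue or the project's code: record a CID over the image bytes at publish time, then recompute it over freshly fetched bytes and compare. It assumes a single-block CIDv1 (raw codec, sha2-256, base32) and uses Node's `crypto` module; `verifyLinkContent` and the sample bytes are hypothetical, and `comment.linkCid` is the field proposed above, not an existing one.

```javascript
const { createHash } = require('node:crypto');

const BASE32 = 'abcdefghijklmnopqrstuvwxyz234567'; // RFC 4648 alphabet, lowercase

// Unpadded base32, the encoding behind CIDv1 strings with multibase prefix "b".
function base32Encode(bytes) {
  let bits = 0, value = 0, out = '';
  for (const byte of bytes) {
    value = (value << 8) | byte;
    bits += 8;
    while (bits >= 5) {
      out += BASE32[(value >>> (bits - 5)) & 31];
      bits -= 5;
    }
    value &= (1 << bits) - 1; // keep only the bits not yet emitted
  }
  if (bits > 0) out += BASE32[(value << (5 - bits)) & 31];
  return out;
}

// CID bytes: version 0x01, codec 0x55 (raw), multihash 0x12 (sha2-256),
// 0x20 (digest length), then the 32-byte digest.
function computeRawCid(bytes) {
  const digest = createHash('sha256').update(bytes).digest();
  const header = Buffer.from([0x01, 0x55, 0x12, 0x20]);
  return 'b' + base32Encode(Buffer.concat([header, digest]));
}

// Compare freshly fetched bytes against the CID recorded at publish time.
// Assumption: the comment carries the proposed linkCid field.
function verifyLinkContent(comment, fetchedBytes) {
  const actual = computeRawCid(fetchedBytes);
  return { ok: actual === comment.linkCid, expected: comment.linkCid, actual };
}

// Constructed sample bytes standing in for the image and its later replacement.
const original = Buffer.from('constructed-image-bytes-v1');
const swapped = Buffer.from('constructed-upgrade-to-pro-banner');
const comment = {
  link: 'https://personalsite.com/image.png',
  linkCid: computeRawCid(original), // recorded when the comment is published
};

console.log(verifyLinkContent(comment, original).ok); // unchanged content
console.log(verifyLinkContent(comment, swapped).ok);  // content replaced at the same URL
```

Whoever records the CID and whoever verifies it must hash the same representation (the file bytes as served) and build the CID the same way; a CID over decoded or re-encoded pixels, or a chunked UnixFS CID, will not match this one.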
