Rocket.chat: SVG with several XLink references makes browser unresponsive

Created on 6 Mar 2019 · 7Comments · Source: RocketChat/Rocket.Chat

Posting this link makes the chat unresponsive:

The chat should not become unresponsive.

The chat becomes unresponsive.

Every possible setup.

No additional context required.

No relevant logs.

file sharing security improvement

Source

99991

All 7 comments

@99991 would you please specify this issue with the issue template, otherwise, this will be closed. Thanks 👍

knrt10 on 6 Mar 2019

😄1

No problem! I deleted the part where I suggest a possible fix because there was no applicable point in the template.

99991 on 6 Mar 2019

👍1

Why can't I load the svg normally?

fliptrail on 7 Mar 2019

It takes a few hours to load.

99991 on 7 Mar 2019

😕1

Welp, I don't see any workaround for arbitrary SVG rendering other than disabling any SVG image preview.

tassoevan on 8 Mar 2019

Here are a few solutions:

Try to convert the SVG to PNG and if that takes longer than some arbitrary duration, don't embed the image: timeout 1s convert bug.svg test.png; echo $? (Could use some SVG rendering library in a separate process instead of convert tool) - The easiest solution, but makes server vulnerable to denial-of-service if SVG uploads are not limited.
Parse the SVG and calculate number of nodes. Don't embed SVGs with more than some number of nodes. - The most elegant solution, but requires more work.
Keep bugging browser vendors until they fix this denial-of-service vector. - Probably futile. At least the Chrome devs think that "crashing is a reasonable thing to do". (link is to issue for XML billion laughs attack, but issues with SVG got merged into this issue) The issue in the firefox bugtracker is still open after 11 years.