Forum Discussion
MissyQ
Apr 07, 2020 (Former Employee)
Top Feedback Summary for April 7
Note: This is no longer the most recent top feedback summary. You can always find the latest at https://aka.ms/MSEdgeTopFeedback.
Greetings, Insiders! Welcome to the first full week of April! W...
Reza_Ameri-Archived
Apr 09, 2020 (Bronze Contributor)
Add Custom image is a really cool feature; however, as we experienced in the past when it comes to customizing images and the ability to upload, there are people who embed malicious files inside images and cause malicious scripts to run during upload. Please make sure that during the upload process it verifies that the picture being uploaded is checked against security requirements and doesn't have any malicious code embedded in it. Since Microsoft Edge is associated with Windows Kernel objects, it is very important to make sure pictures are uploaded safely.
Windows provides several protection features against such attacks, and we observed very minor attacks like this one, but taking extra care and making sure all validations are in place is best practice. It is also a good idea to have an option like "Sync image with my background", so the user could choose, if they sign in with a Microsoft Account and in their Microsoft Account they have set to sync personalization options, to sync the background with the one available on the PC linked to the Microsoft Account (the user should be able to turn it on/off). Also the ability to sync with the current background, if it is a local account.
- HotCakeX, Apr 09, 2020 (MVP)
Reza_Ameri-Archived wrote:
Add Custom image is a really cool feature; however, as we experienced in the past when it comes to customizing images and the ability to upload, there are people who embed malicious files inside images and cause malicious scripts to run during upload. Please make sure that during the upload process it verifies that the picture being uploaded is checked against security requirements and doesn't have any malicious code embedded in it. Since Microsoft Edge is associated with Windows Kernel objects, it is very important to make sure pictures are uploaded safely.
Windows provides several protection features against such attacks, and we observed very minor attacks like this one, but taking extra care and making sure all validations are in place is best practice. It is also a good idea to have an option like "Sync image with my background", so the user could choose, if they sign in with a Microsoft Account and in their Microsoft Account they have set to sync personalization options, to sync the background with the one available on the PC linked to the Microsoft Account (the user should be able to turn it on/off). Also the ability to sync with the current background, if it is a local account.
Where do you see the ability to upload for the new tab page custom picture?
- Reza_Ameri-Archived, Apr 10, 2020 (Bronze Contributor)
I was referring to "First up, the newly Addressed! Option to set a custom photo as the New Tab Page background photo is now in our Dev channel." My point is that this is a cool feature, but there are security issues that should be taken into consideration.
- HotCakeX, Apr 10, 2020 (MVP)
Reza_Ameri-Archived wrote:
I was referring to "First up, the newly Addressed! Option to set a custom photo as the New Tab Page background photo is now in our Dev channel." My point is that this is a cool feature, but there are security issues that should be taken into consideration.
I know, but I asked where do you see the "upload" option?