Forum Discussion

MissyQ's avatar
MissyQ
Former Employee
Apr 07, 2020

Top Feedback Summary for April 7

Note: This is no longer the most recent top feedback summary. You can always find the latest at https://aka.ms/MSEdgeTopFeedback.   Greetings, Insiders! Welcome to the first full week of April! W...
HotCakeX's avatar
HotCakeX
MVP
Apr 09, 2020

Reza_Ameri-Archived 

Spoiler
Reza_Ameri-Archived wrote:
Add Custom image is really cool feature , however as we experience in the past when it comes to customize image and ability to upload, there are people who embed malicious files inside image and cause running some malicious scripts during upload. Please make sure during the upload process it verify and make sure the picture which is being uploaded is checked over security requirements and doesn't have any malicious code imbedded into it. Since Microsoft Edge associated with Windows Kernel objects, it is very important to make sure picture are being uploaded safety.

Windows provides several protection features on such attacks and we observed very minor attacks like this one, but taking extra care and make sure all validation are in place is best practice. It is also good idea if there is option like Sync image with my background, so user could chose if they sign in with Microsoft Account and in their Microsoft Account, they set to Sync personalize options, then Sync background with the one available in PC linked to Microsoft Account (user should be able to turn on/off). Also ability to sync with current background, if it is local account.

where do you see the ability to upload for the new tab page custom picture?

Reza_Ameri-Archived's avatar
Reza_Ameri-Archived
Bronze Contributor
Apr 10, 2020

HotCakeX 

I was referring to "First up, the newly Addressed! Option to set a custom photo as the New Tab Page background photo is now in our Dev channel. " , my point is this is cool feature but there are security issue should be taken into consideration.

  • HotCakeX's avatar
    HotCakeX
    MVP
    Apr 10, 2020

    Reza_Ameri-Archived 

    Spoiler
    Reza_Ameri-Archived wrote:

    HotCakeX 

    I was referring to "First up, the newly Addressed! Option to set a custom photo as the New Tab Page background photo is now in our Dev channel. " , my point is this is cool feature but there are security issue should be taken into consideration.

    I know, but I asked where do you see the "upload" option?

     

     

    • Reza_Ameri-Archived's avatar
      Reza_Ameri-Archived
      Bronze Contributor
      Apr 11, 2020
      I haven't try new build yet, but from explanation and "Note: You can only upload a .jpeg, .jpg, or .png file as your image." , it means we definitely have upload icon. So may be this feature is being deployed. I post the message as reminder for security consideration for Microsoft Edge team.
      • HotCakeX's avatar
        HotCakeX
        MVP
        Apr 11, 2020

        Reza_Ameri-Archived 

        Spoiler
        Reza_Ameri-Archived wrote:
        I haven't try new build yet, but from explanation and "Note: You can only upload a .jpeg, .jpg, or .png file as your image." , it means we definitely have upload icon. So may be this feature is being deployed. I post the message as reminder for security consideration for Microsoft Edge team.

        the word "upload" in that sentence simply means browsing for a picture and letting Edge use that picture, something like a local upload if you will.

        of course those security measures will be considered if users' custom images are to be upload to Microsoft servers.

Resources