Hacker News: xml's comments

A word of caution: There are SVGs which can freeze a page, so make sure that you do not link to any third party SVGs. This is a known bug, but both the Google Chrome and Mozilla team do not want to fix it.

Here is an evil example SVG for demonstration.

DON'T CLICK THIS LINK UNLESS YOU WANT TO RISK CRASHING YOUR BROWSER!

https://asdf10.com/danger.svg


Crashing a single page or even the whole browser isn't really a security problem though. In fact, there are so many ways to freeze the whole tab or even the browser UI with built-in functions if you apply them way too many times. (For example, a long chain of blur filters will make the Chrome UI non-responsive because the render time will skyrocket.)

Although if the affected area does escape the tab, the issue will have higher priority because that would be annoying to users.


Wait so are recursive XXE attacks like (I'm assuming) this one possible on Github READMEs? Or have they somehow mitigated them?


It's recursive, but not XXE. It is 20 layers of nested SVG groups, where the first group contains 10 blue circles, and every subsequent group contains 10 of the previous group. This would render as around 10^20 blue circles.

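An added example (not code from this thread): a pre-render check in Python that resolves `<use>` references and counts how many primitive shapes an SVG would actually draw, so that the nested-group expansion described above (20 levels of 10 would come to 10^20) and reference cycles are caught before a renderer ever sees the file. Element and attribute names follow the SVG spec; the two sample documents are constructed, and the 100,000 limit is an assumed policy value.

```python
import math
import xml.etree.ElementTree as ET

XLINK_HREF = "{http://www.w3.org/1999/xlink}href"
SHAPES = {"circle", "rect", "ellipse", "line", "polyline", "polygon", "path", "text", "image"}
INDIRECT_ONLY = {"defs", "symbol"}  # drawn only when referenced by a <use>

def estimate_rendered_shapes(svg_text):
    """Shapes a renderer would draw once every <use> is resolved; math.inf on a cycle."""
    root = ET.fromstring(svg_text)
    by_id = {el.get("id"): el for el in root.iter() if el.get("id")}
    memo = {}  # id(element) -> shapes drawn by that subtree

    def count(el, active):
        name = el.tag.rsplit("}", 1)[-1]
        if name in SHAPES:
            return 1
        if name == "use":
            target = by_id.get((el.get("href") or el.get(XLINK_HREF) or "").lstrip("#"))
            if target is None:
                return 0  # dangling reference draws nothing
            if id(target) in active:
                return math.inf  # target is still being expanded: reference cycle
            return count(target, active)
        if id(el) not in memo:
            active.add(id(el))
            memo[id(el)] = sum(count(c, active) for c in el
                               if c.tag.rsplit("}", 1)[-1] not in INDIRECT_ONLY)
            active.discard(id(el))
        return memo[id(el)]

    return count(root, set())

def safe_to_render(svg_text, limit=100_000):
    """Accept only documents whose expanded shape count stays within `limit` (assumed policy)."""
    return estimate_rendered_shapes(svg_text) <= limit

# Constructed sample: three nested groups of four, so the root <use> expands to
# 4**3 = 64 circles, plus one <rect> drawn directly, for 65 shapes in total.
SAMPLE = """<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
<defs><g id="g0"><circle r="1"/><circle r="1"/><circle r="1"/><circle r="1"/></g>
<g id="g1"><use xlink:href="#g0"/><use xlink:href="#g0"/><use xlink:href="#g0"/><use xlink:href="#g0"/></g>
<g id="g2"><use href="#g1"/><use href="#g1"/><use href="#g1"/><use href="#g1"/></g></defs>
<rect width="1" height="1"/><use href="#g2"/></svg>"""
# Constructed sample whose references form a cycle (a -> b -> a).
CYCLIC = """<svg xmlns="http://www.w3.org/2000/svg">
<g id="a"><use href="#b"/></g><g id="b"><use href="#a"/></g></svg>"""
```

The count grows multiplicatively with nesting depth while the file size only grows linearly, which is why a byte-size limit alone does not catch this class of file.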

SVG is XML-based, unlike HTML, which follows the SGML spec.

From curling the malicious page you can also see:

    <?xml version="1.0" encoding="UTF-8"?>
    <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="1000" height="1000">


Yes, SVGs are XML-based and may be vulnerable to generic XML-based XML external entity (XXE) or exponential entity expansion attacks, but this particular malicious SVG is using SVG-specific features to create the resource exhaustion.


I think external entities can be disabled completely, right? But who knows; it may pay off to check out what GH did here :)


Here is another inference implementation in Python (only dependency is PyTorch).

https://github.com/99991/SimpleTinyLlama

The new checkpoints did not seem much better and they changed the chat format for some reason, so I did not port the new checkpoints yet. Perhaps I'll get to it this weekend.


I found CLIP to be _amazing_ for all kinds of image search, like search-by-text or search-by-image. I even ported it to NumPy to understand it better. The whole thing is less than 500 lines of Python (including blank lines and comments): https://github.com/99991/NumPyCLIP


If you ever use the middle mouse button to open links in a new tab, you should disable this "feature" because it is a security vulnerability which allows for grabbing the clipboard content.

Demo: https://randomforest.net/captureClipboard.html


Can't you just unplug the Ethernet cable/turn off the Wi-Fi module? (At least if the website was not lazy-loading resources.)


I also implemented a batched client-side web tool to resize photos to a certain file size (in a few hundred lines of JS). It only supports JPEG, but it resizes photos almost instantly: https://randomforest.net/resizePhoto.html

Here are a few ideas to make yours faster:

1. Use the browser's canvas element to compress JPEG or PNG images instead of WASM. The libraries which come with browsers can use processor-specific instructions, while WASM only targets the smallest common denominator of the most common architectures, so it will be slower.

2. Which resizing method are you using to find a fitting image size? For me, it worked well enough to downscale by some factor a few times until it fits, but if you want to get super close, you could use binary search.


My experience has been that using canvas to resize images produces inconsistent results from one browser to another, and in most cases is higher file size and lower quality than other tools. Enabling imageSmoothingEnabled helps, but is only supported in chromium-based browsers right now:

https://caniuse.com/mdn-api_paintrenderingcontext2d_imagesmo...


There are SVGs which will crash most browsers, so SVGs could still be abused for denial-of-service attacks.

For example, you could post one of those SVGs in every issue thread of a GitHub project if you wanted to mess with someone.

Not eligible for a bug bounty though since this issue has been known (but not fixed) for years.

