1. IT-Security >
  2. Cyber Security Nachrichten >
  3. Firefox, Wordpress Move to Support Lazy Loading of Images and iFrames

ArabicEnglishFrenchGermanGreekItalianJapaneseKoreanPersianPolishPortugueseRussianSpanishTurkishVietnamese

Firefox, Wordpress Move to Support Lazy Loading of Images and iFrames


IT Security Nachrichten vom | Direktlink: news.slashdot.org Nachrichten Bewertung

"Lazy Loading" would augment HTML's <img> tag (and <iframe> tag) with two new attributes -- "eager" (to load immediately) and "lazy" (to load only when it becomes relevant in the viewport). Felix Arntz, a developer programs engineer at Google (and a WordPress core committer) notes the updates in the HTML specification for the lazy loading attributes, adding that it's "already supported by several browsers, including Chrome and Edge" and also the Android browser and Opera. And lazy loading can now also be toggled on for Firefox 75 Nightly users, reports Neowin, though it's disabled by default: It's not clear if it will be enabled by the time Firefox 75 reaches the stable branch but according to comments on the Bugzilla thread, it's in high demand. Previously, websites could employ lazy loading by using JavaScript but now lazy loading syntax is supported directly in the web browser. The implementation in Firefox comes after Google added the feature to its browser. Google's Arntz has also written a post describing a proposal to begin lazy-loading images by default in Wordpress. The proposed solution is available as a feature plugin WP Lazy Loading in the plugin repository. The plugin is being developed on GitHub. Your testing and feedback will be much appreciated.

Read more of this story at Slashdot.

...

Externe Webseite mit kompletten Inhalt öffnen



https://news.slashdot.org/story/20/02/16/0229240/firefox-wordpress-move-to-support-lazy-loading-of-images-and-iframes?utm_source=rss1.0mainlinkanon&utm_medium=feed

Team Security Social Media

➤ Weitere Beiträge von Team Security | IT Sicherheit

  • Update `wp_kses_bad_protocol()` to recognize `&colon;` on uri attributes

    vom 1191.27 Punkte ic_school_black_18dp
    Update makes sure to validate that uri attributes don’t contain invalid/or not allowed protocols. While this works fine in most cases, there’s a risk that by using the colon html5 named entity, one is able to bypass this function. This vulnerabi
  • Issues related to referrer validation in the admin

    vom 1122.69 Punkte ic_school_black_18dp
    Ensure that admin referrer nonce is valid. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7 WordPress 3.7.1
  • A way to create a stored XSS to inject Javascript into style tags

    vom 1119.08 Punkte ic_school_black_18dp
    Reject file paths that contain sub-directory paths. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7 WordPress 3.7.1
  • Prevent unauthenticated views of publicly queryables content types

    vom 1119.08 Punkte ic_school_black_18dp
    The static query property was removed in order to prevent unauthenticated view of publicly queryable content types. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1
  • A server-side request forgery in the way that URLs were validated

    vom 1119.08 Punkte ic_school_black_18dp
    HTTP API: Protect against hex interpretation. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7 WordPress 3.7.1
  • [Testing Update] 2020-01-09 - Snap, Firefox-Dev, Packagekit, Gnome

    vom 1094.13 Punkte ic_school_black_18dp
    @philm wrote: Hello community, here is another Testing Update for 2020! Tell us how 2019 was for you ... 1125×289Manjaro ARM Team will be at #FOSDEM2020 Some feature-updates: Updated some snap related packages Added the latest Firefox devel
  • [Testing Update] 2020-01-22 - Linux55, Brave, KDE

    vom 1078.83 Punkte ic_school_black_18dp
    @philm wrote: Hello community, here is another Testing Update ... 1224×685If you missed the last EU BDDL here you go Some feature-updates: linux55 got updated to the last RC brave got updated some KDE fixes The usual upstream fixes If you like following latest Plasma development you may also
  • Escape file name for wp_ajax_upload_attachment to prevent XSS

    vom 1061.32 Punkte ic_school_black_18dp
    Set also default MIME type to "text/plain" instead of HTML. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7 WordPress 3.7.
  • Improve comment content filtering

    vom 992.73 Punkte ic_school_black_18dp
    With a maliciously crafted comment, a WordPress post was vulnerable to cross-site scripting. This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1 WordPress 3.7
  • Possible indexed activation screen could lead to exposure of sensitive information

    vom 928.1 Punkte ic_school_black_18dp
    The user activation screen could be indexed by search engines in some uncommon configurations which could lead to exposure of email addresses, and in some rare cases, default generated passwords. Part of security release 5.0.1 This vulnerability aff
  • Bypass MIME verification by specifically crafted files

    vom 927.75 Punkte ic_school_black_18dp
    Authors on Apache-hosted sites could upload specifically crafted files that bypass MIME verification, leading to a cross-site scripting vulnerability. Part of security release 5.0.1 This vulnerability affects the following application versions: Wo
  • Object injection in metadata by contributors

    vom 927.75 Punkte ic_school_black_18dp
    Contributors could craft meta data in a way that could result in PHP object injection. Part of security release 5.0.1 This vulnerability affects the following application versions: WordPress 3.6 WordPress 3.6.1

Team Security Diskussion über Firefox, Wordpress Move to Support Lazy Loading of Images and iFrames