From 40704bdfc97aebfa93a9d82751efd84a6e846b92 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?John=20Molakvo=C3=A6?= <skjnldsv@protonmail.com>
Date: Thu, 13 Oct 2022 19:12:27 +0200
Subject: [PATCH] Use preview for unsupported images
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com>
---
 src/components/Images.vue | 13 ++++++++-----
 src/models/images.js      | 32 +++++++++++++++++++++++---------
 2 files changed, 31 insertions(+), 14 deletions(-)

diff --git a/src/components/Images.vue b/src/components/Images.vue
index 7dcb26782..733a4b744 100644
--- a/src/components/Images.vue
+++ b/src/components/Images.vue
@@ -75,14 +75,17 @@ export default {
 
 	asyncComputed: {
 		data() {
-			switch (this.mime) {
-			case 'image/svg+xml':
+			// Avoid svg xss attack vector
+			if (this.mime === 'image/svg+xml') {
 				return this.getBase64FromImage()
-			case 'image/gif':
+			}
+
+			// Load the raw gif instead of the static preview
+			if (this.mime === 'image/gif') {
 				return this.davPath
-			default:
-				return this.previewpath
 			}
+
+			return this.previewPath
 		},
 	},
 	watch: {
diff --git a/src/models/images.js b/src/models/images.js
index 9e625c4af..e6f576dc3 100644
--- a/src/models/images.js
+++ b/src/models/images.js
@@ -26,21 +26,37 @@ import Images from '../components/Images.vue'
 
 const enabledPreviewProviders = loadState(appName, 'enabled_preview_providers', [])
 
-const mimes = [
-	'image/bmp',
+/**
+ * Those mimes needs a proper preview to be displayed
+ * if they are not enabled on the server, let's not activate them.
+ */
+ const previewSupportedMimes = [
 	'image/heic',
 	'image/heif',
+	'image/tiff',
+	'image/x-xbitmap',
+]
+
+/**
+ * Those mimes are always supported by the browser
+ * Since we fallback to the source image if there is no
+ * preview, we can always include them.
+ */
+const browserSupportedMimes = [
+	'image/apng',
+	'image/bmp',
+	'image/gif',
 	'image/jpeg',
 	'image/png',
-	'image/tiff',
+	'image/svg+xml',
 	'image/webp',
-	'image/x-xbitmap',
+	'image/x-icon',
 ]
 
 // Filter out supported mimes that are _not_
 // enabled in the preview API
 const filterEnabledMimes = () => {
-	return mimes.filter(filter => {
+	return previewSupportedMimes.filter(filter => {
 		return enabledPreviewProviders.findIndex(mimeRegex => {
 			// Remove leading and trailing slash from string regex
 			const regex = new RegExp(mimeRegex.replace(/^\/|\/$/g, ''), 'i')
@@ -50,7 +66,7 @@ const filterEnabledMimes = () => {
 }
 
 const enabledMimes = filterEnabledMimes()
-const ignoredMimes = mimes.filter(x => !enabledMimes.includes(x))
+const ignoredMimes = previewSupportedMimes.filter(x => !enabledMimes.includes(x))
 if (ignoredMimes.length > 0) {
 	logger.warn('Some mimes were ignored because they are not enabled in the server previews config', { ignoredMimes })
 }
@@ -59,9 +75,7 @@ export default {
 	id: 'images',
 	group: 'media',
 	mimes: [
-		// Gif and svg images does not rely on previews
-		'image/gif',
-		'image/svg+xml',
+		...browserSupportedMimes,
 		...enabledMimes,
 	],
 	component: Images,