Sanitize images in notifications

Notifications are allowed to show local URLs. It's possible to break Plasma by loading an image with a URL of file:///dev/urandom.
This could be sent from a remote source; applications emitting notifications should sanitize their input, but we shouldn't solely rely on that.
This adds a few extra checks that the image is a valid local file.
Timing attacks are still possible, but only with locally running code, so not something to be concerned with.
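
A sketch of the kind of check described above, added here as an example; it is not the Plasma patch. The function name `openNotificationImage`, the 16 MiB cap and the exact set of checks are assumptions, and plain POSIX calls stand in for Qt.

```cpp
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>
#include <cstdio>
#include <string>

// Assumed policy for this sketch: file:// URLs or absolute paths only,
// regular files only, non-empty, at most kMaxImageBytes.
constexpr off_t kMaxImageBytes = 16 * 1024 * 1024; // assumed cap, not from the commit

// Hypothetical helper: returns an open read-only fd for an acceptable image,
// or -1. The checks run on the opened descriptor (fstat, not stat), so the
// file that was checked is the file the caller then decodes.
// Percent-encoded paths are not decoded here; they simply fail to open.
int openNotificationImage(const std::string &url)
{
    const std::string scheme = "file://";
    std::string path = url;
    if (url.compare(0, scheme.size(), scheme) == 0)
        path = url.substr(scheme.size());
    if (path.empty() || path[0] != '/')
        return -1; // other scheme, relative path, or file://host/...

    // O_NONBLOCK keeps open() from hanging on a FIFO before we can inspect it.
    int fd = open(path.c_str(), O_RDONLY | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;

    struct stat st;
    bool ok = fstat(fd, &st) == 0
        && S_ISREG(st.st_mode)            // rejects /dev/urandom, directories, FIFOs
        && st.st_size > 0
        && st.st_size <= kMaxImageBytes;  // bounded read for the image decoder
    if (!ok) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    const std::string url = argc > 1 ? argv[1] : "file:///dev/urandom";
    int fd = openNotificationImage(url);
    std::printf("%s: %s\n", url.c_str(), fd >= 0 ? "accepted" : "rejected");
    if (fd >= 0)
        close(fd);
    return 0;
}
```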