I'm working on an image editor/uploader based around Pixastic where I grab image data out of an <input> tag, put it into a canvas, and after manipulating it, encode the data in base64 and post it to my app with JavaScript, where it will be saved as a new image file. If it were a standard file upload, I would give the file a new (safe) name, test to make sure it was really an image file and copy it to strip any potentially malicious/personal EXIF data before making it available to users.
My question is - do those security measures make sense in the canvas situation, or are they pointless? Additionally, are there any security issues with my approach that I'm overlooking?
FYI: the server-side decoding/etc. will be done with PHP.
Thanks.
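
The checks listed in the question, applied to a posted data URL, as an added example that is not part of the original post: the server cannot verify that the bytes came from a canvas, so it handles them like any other upload. The function name, size limits, upload directory and POST field name are assumptions.

```php
<?php
// Added example (hypothetical handler, not from the original post).
// MAX_BYTES, MAX_PIXELS and UPLOAD_DIR are assumed values.
const MAX_BYTES  = 5 * 1024 * 1024;   // cap on decoded size
const MAX_PIXELS = 25000000;          // cap on width * height (decompression bombs)
const UPLOAD_DIR = __DIR__ . '/uploads';

function saveCanvasImage(string $dataUrl, string $dir): string
{
    // Accept only the data-URL prefixes the client page is expected to send.
    $comma  = strpos($dataUrl, ',');
    $prefix = $comma === false ? '' : substr($dataUrl, 0, $comma);
    if (!in_array($prefix, ['data:image/png;base64', 'data:image/jpeg;base64'], true)) {
        throw new InvalidArgumentException('Not a base64 PNG/JPEG data URL');
    }
    $b64 = substr($dataUrl, $comma + 1);

    // Cheap size check on the encoded form before decoding anything.
    if (strlen($b64) > (int) ceil(MAX_BYTES / 3) * 4) {
        throw new LengthException('Payload too large');
    }
    $bytes = base64_decode($b64, true);   // strict mode rejects stray characters
    if ($bytes === false || $bytes === '') {
        throw new InvalidArgumentException('Invalid base64');
    }

    // The declared MIME type is client-controlled; inspect the actual bytes.
    $info = @getimagesizefromstring($bytes);
    if ($info === false || !in_array($info[2], [IMAGETYPE_PNG, IMAGETYPE_JPEG], true)) {
        throw new InvalidArgumentException('Not a PNG or JPEG image');
    }
    if ($info[0] * $info[1] > MAX_PIXELS) {
        throw new LengthException('Image dimensions too large');
    }
    $img = @imagecreatefromstring($bytes);
    if ($img === false) {
        throw new InvalidArgumentException('Image could not be decoded');
    }

    // Re-encode with GD: only pixel data is written, so metadata and any
    // bytes appended after the image are dropped. The name is server-chosen.
    $name = bin2hex(random_bytes(16)) . '.png';
    imagesavealpha($img, true);
    if (!imagepng($img, $dir . '/' . $name)) {
        throw new RuntimeException('Could not write image');
    }
    return $name;
}
// Usage in the POST handler (field name "image" is an assumption):
// $name = saveCanvasImage($_POST['image'] ?? '', UPLOAD_DIR);
```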