[nine_k]

More than that; the trigger code can sit passively and just check the cache for whatever payloads may come its way.

I suppose image sanitizers come soon to browsers. Only sanitized images will be cached; anything the browser can't make sense of will be thrown away.

[account42]

Exif is only the most convenient method here - you can use steganography hide arbitrary data right in the image content itself. Sanitizing would that would mean messing with how images look.

[8n4vidtmkvmk]

ComfyUI embeds workflows in the EXIF data. It's very handy. Would be a little sad if they stripped that out but there are alternatives. I suppose if it's only cached images and not manually downloaded images it wouldn't be bad. It'd probably break some website somehow though.