Protection against malicious PNG in Django

I found following security notice on Django website:

Django’s media upload handling poses some vulnerabilities when that media is served in ways that do not follow security best practices. Specifically, an HTML file can be uploaded as an image if that file contains a valid PNG header followed by malicious HTML. This file will pass verification of the library that Django uses for ImageField image processing (Pillow). When this file is subsequently displayed to a user, it may be displayed as HTML depending on the type and configuration of your web server.

Unfortunately there is no additional information on how to protect a website against that malicious PNG, so I have some questions:

  1. How should I configure my webserver (nginx)?
  2. How can I generate HTML as a PNG to upload it to the server and ensure it will not be displayed as HTML?
  3. Should I add an additional image check on upload, and what is the best solution/library (libmagick probably) for that?
Alex Zaitsev asked Nov 20 '25 02:11



1 Answer

According to the Django Docs:

No bulletproof technical solution exists at the framework level to safely validate all user uploaded file content, however, there are some other steps you can take to mitigate these attacks:

  1. One class of attacks can be prevented by always serving user uploaded content from a distinct top-level or second-level domain. This prevents any exploit blocked by same-origin policy protections such as cross site scripting. For example, if your site runs on example.com, you would want to serve uploaded content (the MEDIA_URL setting) from something like usercontent-example.com. It’s not sufficient to serve content from a subdomain like usercontent.example.com.

  2. Beyond this, applications may choose to define a whitelist of allowable file extensions for user uploaded files and configure the web server to only serve such files.

It also seems like using a CDN can help against some types of issues.

Hybrid answered Nov 21 '25 16:11

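The following is an added example, not code from the question, the answer or the Django project. It addresses question 3 (an additional check on upload) with a strict, pure-Python walk of the PNG chunk structure, combined with the extension allowlist the Django docs recommend. The names `validate_png`, `check_upload` and `ALLOWED_EXTENSIONS` are my own, and the sample byte strings (a 1x1 image, the "PNG signature followed by HTML" shape the notice describes, and an image with markup appended) are constructed in the block; the markup in them is benign. A file that is a PNG signature followed by HTML fails because the bytes after the signature are not well-formed chunks, and a real image with anything appended fails the trailing-bytes check after IEND.

```python
"""Strict PNG structure check for uploads (added example, not the page's code).

Accepts only: PNG signature, IHDR first, well-formed chunks with correct
CRCs, IEND last, and no bytes after IEND.
"""
import struct
import zlib
from typing import Tuple

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
MAX_CHUNK_LENGTH = 2**31 - 1  # PNG spec limit on chunk data length
ALLOWED_EXTENSIONS = {"png"}  # hypothetical allowlist for this example


def validate_png(data: bytes) -> Tuple[bool, str]:
    """Return (ok, reason); ok is True only for a structurally clean PNG."""
    if not data.startswith(PNG_SIGNATURE):
        return False, "missing PNG signature"
    pos = len(PNG_SIGNATURE)
    first = True
    while True:
        if len(data) - pos < 12:  # length(4) + type(4) + crc(4)
            return False, "truncated chunk header"
        (length,) = struct.unpack(">I", data[pos:pos + 4])
        ctype = data[pos + 4:pos + 8]
        if length > MAX_CHUNK_LENGTH:
            return False, "chunk length exceeds PNG limit"
        # Chunk type must be four ASCII letters; HTML bytes such as '<' fail here.
        if not all(65 <= b <= 90 or 97 <= b <= 122 for b in ctype):
            return False, "chunk type is not ASCII letters: %r" % ctype
        if first and (ctype != b"IHDR" or length != 13):
            return False, "first chunk is not a 13-byte IHDR"
        first = False
        end = pos + 8 + length
        if end + 4 > len(data):
            return False, "chunk %r runs past end of file" % ctype
        body = data[pos + 8:end]
        (crc,) = struct.unpack(">I", data[end:end + 4])
        if zlib.crc32(ctype + body) & 0xFFFFFFFF != crc:
            return False, "bad CRC on chunk %r" % ctype
        pos = end + 4
        if ctype == b"IEND":
            break
    if pos != len(data):
        return False, "%d trailing bytes after IEND" % (len(data) - pos)
    return True, "ok"


def check_upload(filename: str, data: bytes) -> Tuple[bool, str]:
    """Extension allowlist (as the Django docs suggest) plus the structural check."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in ALLOWED_EXTENSIONS:
        return False, "extension %r not allowed" % ext
    return validate_png(data)


def _chunk(ctype: bytes, body: bytes) -> bytes:
    """Encode one PNG chunk: length, type, data, CRC over type+data."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def build_minimal_png() -> bytes:
    """Construct a 1x1 white RGB PNG in memory (constructed sample input)."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)  # 1x1, 8-bit, RGB
    raw_scanline = b"\x00" + b"\xff\xff\xff"  # filter byte 0 + one RGB pixel
    idat = zlib.compress(raw_scanline)
    return PNG_SIGNATURE + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")


# Constructed samples: a clean image, the "signature then HTML" shape from the
# Django notice (benign markup), and a full image with markup appended.
CLEAN_PNG = build_minimal_png()
HEADER_THEN_HTML = PNG_SIGNATURE + b"<html><body>not an image</body></html>"
IMAGE_THEN_HTML = CLEAN_PNG + b"<html><body>trailing markup</body></html>"

if __name__ == "__main__":
    for name, blob in [("clean", CLEAN_PNG), ("header+html", HEADER_THEN_HTML),
                       ("image+html", IMAGE_THEN_HTML)]:
        print(name, check_upload("upload.png", blob))
    print("wrong ext", check_upload("upload.html", CLEAN_PNG))
```

In a Django project this would sit in a form's `clean_<field>` method or a model field validator, reading the uploaded file's bytes before saving. It complements rather than replaces the answer's points: serving media from a distinct domain and restricting the extensions the web server will serve remain the primary mitigations, and on the nginx side pinning the response `Content-Type` to the file extension and sending `X-Content-Type-Options: nosniff` stops browsers from reinterpreting an image response as HTML.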


