paragonie-scott / SVG Fails.md
Last active Sep 19, 2016
image/svg+xml considered harmful: an open letter to member-svg-media-type@w3.org

Update

Filed an issue to address this particular concern.

Thanks joepie91 for finding the folks responsible and getting the conversation started.


Currently, SVG is a security foot-cannon: it allows attackers to upload a Stored XSS payload that fires when a user views the image directly. Example.
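
As an added example (not part of the gist or the issue it mentions), here is a Python upload check that lists the script-capable constructs in an SVG, together with response headers for the route that serves uploads. The element list, header values and sample documents are assumptions constructed here; the denylist is a triage aid, and the headers are what stop script from running on direct view.

```python
import re
import xml.etree.ElementTree as ET

# Elements that can carry or load script when the SVG is the top-level document.
ACTIVE_ELEMENTS = {"script", "foreignObject", "iframe", "embed", "object"}
SCRIPT_URL = re.compile(r"^(javascript|data|vbscript):", re.I)

# Headers for the upload-serving route: no script execution, no inline rendering.
SAFE_HEADERS = {
    "Content-Security-Policy": "default-src 'none'; style-src 'unsafe-inline'; sandbox",
    "X-Content-Type-Options": "nosniff",
    "Content-Disposition": "attachment",
}

def local(name):
    """Drop the '{namespace}' prefix ElementTree puts on tag and attribute names."""
    return name.rsplit("}", 1)[-1]

def find_active_content(svg_bytes):
    """Return the reasons an uploaded SVG could run script when opened directly."""
    try:
        text = svg_bytes.decode("utf-8")  # accept UTF-8 only so the checks see real text
    except UnicodeDecodeError:
        return ["not UTF-8"]
    if re.search(r"<!(doctype|entity)", text, re.I):
        return ["DTD or entity declaration"]  # refuse before parsing entities
    try:
        root = ET.fromstring(text)
    except ET.ParseError:
        return ["not well-formed XML"]
    findings = []
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"<{tag}> element")
        for attr, value in el.attrib.items():
            name = local(attr).lower()
            url = re.sub(r"[\x00-\x20]", "", value)  # whitespace inside a scheme is ignored
            if name.startswith("on"):
                findings.append(f"{name} handler on <{tag}>")
            elif name == "href" and SCRIPT_URL.match(url):
                findings.append(f"script URL in href on <{tag}>")
            elif name == "attributename" and re.match(r"(on|.*href)", value, re.I):
                findings.append(f"<{tag}> animates {value}")
    return findings

# Constructed samples, not taken from the gist or its linked example.
BENIGN = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'
ACTIVE = b'<svg xmlns="http://www.w3.org/2000/svg" onload="void 0"><script>/* x */</script></svg>'
```

An empty list from `find_active_content` means none of the listed constructs were found, not that the file is safe to render inline, so `SAFE_HEADERS` should be applied to every user-supplied SVG regardless.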