this post was submitted on 27 Jul 2023
Security Operations
So I'm not trying to be critical of educational content... but what this article is actually saying surely isn't earth-shattering news. Basically what it boils down to is that embedding SVGs with an img tag is probably safe, but expanding a user-provided SVG into your web site's code is definitely not safe.
Like I say, it's fine to make an article for people who didn't know that, but framing that as an SVG problem (instead of an expanding-user-provided-HTML-onto-your-website problem) and building fear-mongering around touching SVG files as a result doesn't seem right to me.
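
The distinction drawn in the comment above, as an added example that is not part of the original comment or the linked article: the same user-provided SVG expanded into the page's markup versus referenced only through an `img` tag. The function names, the `avatar` class and the sample SVG are assumptions made for illustration, and the code assumes Node.js for `Buffer`.

```javascript
// Constructed sample: an uploaded SVG carrying an event handler and a script element.
const SAMPLE_SVG =
  '<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)">' +
  '<script>alert(2)</script><circle r="10"/></svg>';

// Escape a string for use inside a double-quoted HTML attribute.
function escapeAttr(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/"/g, '&quot;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Unsafe: the user's markup becomes part of the page's own DOM, so its
// script elements and event handlers run in the site's origin.
function renderInline(userSvg) {
  return '<div class="avatar">' + userSvg + '</div>';
}

// Safer: the SVG is only ever referenced as an image resource. Browsers
// render SVG loaded through <img> with scripting disabled, and the
// base64 payload cannot contribute any markup to the surrounding page.
function renderAsImg(userSvg, altText) {
  const b64 = Buffer.from(userSvg, 'utf8').toString('base64');
  return '<img class="avatar" alt="' + escapeAttr(altText) +
    '" src="data:image/svg+xml;base64,' + b64 + '">';
}

console.log(renderInline(SAMPLE_SVG));
console.log(renderAsImg(SAMPLE_SVG, 'user avatar'));
```

The `img` protection applies only to that embedding: the same file opened directly as a document from the site's own origin is parsed as a full SVG document, scripts included.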