this post was submitted on 27 Jul 2023
6 points (87.5% liked)

Security Operations


SVG Security Risks - not just a scalable graphic

Embedding Scalable Vector Graphics (SVG) can expose websites to code injection. This article explores how SVGs work, the risks they pose, and how to mitigate them.

mo_ztt 4 points 2 years ago

So I'm not trying to be critical of educational content... but what this article is actually saying surely isn't earth-shattering news. Basically, what it boils down to is that embedding SVGs with an img tag is probably safe, but expanding a user-provided SVG into your web site's code is definitely not safe.

Like I say, it's fine to make an article for people who didn't know that, but framing that as an SVG problem (instead of an expanding-user-provided-HTML-onto-your-website problem) and building fear-mongering around touching SVG files as a result doesn't seem right to me.
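
The distinction drawn in the comment above, shown as an added example that is not part of the thread or the linked article: the same uploaded SVG embedded inline versus referenced through an `<img>` tag. The function names and the sample SVG are hypothetical and constructed for illustration.

```javascript
// Added example (not from the linked article): two ways a server-side
// template might embed an uploaded SVG. All names here are hypothetical.

// Constructed sample upload: a valid SVG that carries active content.
const uploadedSvg =
  '<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">' +
  '<script>document.title = "ran in page origin"</script>' +
  '<circle cx="5" cy="5" r="4" onclick="void 0"/></svg>';

// Pattern 1: paste the upload into the page. The browser parses it as part of
// the document, so its <script> and on* handlers run with the site's origin.
function embedInline(svg) {
  return `<div class="avatar">${svg}</div>`;
}

// Pattern 2: reference the upload as an image. Browsers render SVG loaded
// through <img> as a static image and do not run its scripts or handlers.
// Percent-encoding keeps every "<" and double quote out of the page's HTML.
function embedAsImg(svg) {
  const src = 'data:image/svg+xml;charset=utf-8,' + encodeURIComponent(svg);
  return `<img class="avatar" alt="" src="${src}">`;
}

// Crude demo check, not a sanitizer: the start tags an HTML parser would
// encounter in the generated markup.
function tagNames(html) {
  return [...html.matchAll(/<([a-zA-Z][\w-]*)/g)].map((m) => m[1].toLowerCase());
}

// Round trip: recover the original SVG text from the <img> markup, showing
// that the image data is intact even though none of it is page markup.
function svgFromImg(imgHtml) {
  const m = /src="data:image\/svg\+xml;charset=utf-8,([^"]*)"/.exec(imgHtml);
  return m ? decodeURIComponent(m[1]) : null;
}

console.log(tagNames(embedInline(uploadedSvg))); // div, svg, script, circle
console.log(tagNames(embedAsImg(uploadedSvg)));  // img
```

The `<img>` restriction applies only to how the file is referenced. The same file opened directly as a document from the site's origin is parsed as a full SVG document, so uploads are usually served from a separate origin or with a restrictive Content-Security-Policy.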