Unlike more common formats such as .jpg or .png, .svg uses XML-based text to specify how the image should appear, allowing files to be resized without losing quality due to pixelation. But therein lies the rub: The text in these files can incorporate HTML and JavaScript, and that, in turn, opens the risk of them being abused for a range of attacks, including cross-site scripting, HTML injection, and denial of service.
Willing to bet that some browsers just do what the SVG says.
Yes, you are just quoting the article which I already read, but this fails to answer the question why the same JS does something different depending on whether it is part of an SVG or not. Should it not be possible to put the same JS directly into the HTML?
The SVG is probably parsed by a different library or different module at least and might have exploitable bugs. Still, the js would likely be fed to the same engine. It might not be impossible that something gets mangled or the context is different.
But mostly this smells like a fantasy article. No mention of which exact browser, what the mechanism is and, in particular, no sample code. And as a bonus the bs blanket term of “adult sites” which makes this look more like fear propaganda.
Willing to bet that some browsers just do what the SVG says.
Yes, you are just quoting the article which I already read, but this fails to answer the question why the same JS does something different depending on whether it is part of an SVG or not. Should it not be possible to put the same JS directly into the HTML?
The SVG is probably parsed by a different library or different module at least and might have exploitable bugs. Still, the js would likely be fed to the same engine. It might not be impossible that something gets mangled or the context is different.
But mostly this smells like a fantasy article. No mention of which exact browser, what the mechanism is and, in particular, no sample code. And as a bonus the bs blanket term of “adult sites” which makes this look more like fear propaganda.
I don’t know* jack about shit but I got fud vibe from this headline lol
Gooners get punished for watching content!
deleted by creator