DEV Community

Discussion on: Benefits of SVG

Jan Küster

Please add that SVG can validly contain inline JavaScript and thus implies an XSS vulnerability if you allow your users to upload SVGs that are then displayed to other users. All SVGs that can be uploaded should therefore have the script tag stripped.

Alexi Taylor 🐶

Thank you for pointing this out. I added it to the "updates" section.
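
The stripping asked for in the first comment, as an added example that is not part of the original thread: a server-side sanitizer for uploaded SVG using Python's standard library. It goes beyond the script tag by keeping only an allowlist of elements and attributes; the allowlist contents, the function names and the sample SVG are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
ET.register_namespace("", SVG_NS)  # serialize with a plain xmlns="..." declaration
# Assumed allowlist for simple static images; extend it deliberately, never by default.
ALLOWED_ELEMENTS = {"svg", "g", "path", "rect", "circle", "ellipse", "line",
                    "polyline", "polygon", "title", "desc"}
ALLOWED_ATTRIBUTES = {"viewBox", "width", "height", "x", "y", "cx", "cy", "r",
                      "rx", "ry", "x1", "y1", "x2", "y2", "d", "points", "fill",
                      "stroke", "stroke-width", "transform", "opacity"}
# Constructed sample upload: one drawing element plus inline JavaScript.
SAMPLE = ('<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10" onload="init()">'
          '<script>init = function () {}</script>'
          '<circle cx="5" cy="5" r="4" fill="teal"/></svg>')


def _split(name):
    """Split ElementTree's '{namespace}local' form into (namespace, local)."""
    if name.startswith("{"):
        ns, _, local = name[1:].partition("}")
        return ns, local
    return "", name


def _clean(elem):
    # Drop every attribute that is namespaced or not on the allowlist.
    for attr in list(elem.attrib):
        ns, name = _split(attr)
        if ns or name not in ALLOWED_ATTRIBUTES:
            del elem.attrib[attr]
    # Remove non-allowlisted children with their whole subtree, recurse into the rest.
    for child in list(elem):
        ns, tag = _split(child.tag)
        if ns != SVG_NS or tag not in ALLOWED_ELEMENTS:
            elem.remove(child)
        else:
            _clean(child)


def sanitize_svg(data: str) -> str:
    """Return the sanitized SVG; raise ValueError for rejected uploads.

    Malformed XML raises xml.etree.ElementTree.ParseError from the parser.
    """
    upper = data.upper()
    if "<!DOCTYPE" in upper or "<!ENTITY" in upper:
        raise ValueError("DTDs and entity declarations are not accepted")
    root = ET.fromstring(data)  # comments and processing instructions are dropped
    if _split(root.tag) != (SVG_NS, "svg"):
        raise ValueError("root element is not an SVG <svg>")
    _clean(root)
    return ET.tostring(root, encoding="unicode")
```

Store and serve only the returned string, not the bytes the user uploaded.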