Graduated in Digital Media M.Sc. now developing the next generation of educational software. Since a while I develop full stack in Javascript using Meteor. Love fitness and Muay Thai after work.
Please add, that svg can validly contain inline JavaScript and thus implies a XSS vulnerability if you allow your users to upload svg that are then displayed to other users. All svg that can be uploaded should therefore strip the script tag.
Please add, that svg can validly contain inline JavaScript and thus implies a XSS vulnerability if you allow your users to upload svg that are then displayed to other users. All svg that can be uploaded should therefore strip the script tag.
Thank you for pointing this out. I added it to the "updates" section.