SVG: Exploiting Browsers without Image Parsing Bugs

แชร์
ฝัง
  • เผยแพร่เมื่อ 22 ธ.ค. 2024
  • By Rennie deGraaf
    SVG is an XML-based format for vector graphics. Modern web browsers support it natively and allow it to be styled using CSS and manipulated using JavaScript. It is less well-known that SVG can contain its own JavaScript and can import external scripts and stylesheets. Consequently, from a browser security perspective, SVG must be treated like HTML; treating it like JPEG will lead to great suffering.

ความคิดเห็น • 7