- From: P.I.E. Security Team via GitHub <sysbot+gh@w3.org>
- Date: Wed, 04 Jan 2017 20:50:03 +0000
- To: public-svg-issues@w3.org
> Content Security Policy is the preferred way to tackle these kind of issues. That's an additional layer that we use and recommend. The only other reasonable alternative is a massive developer education initiative. Something like: > ### DANGER: SVG FILES MAY CONTAIN EXECUTABLE JAVASCRIPT. THIS IS A FEATURE, NOT A BUG ...on every place a developer may learn about them. -- GitHub Notification of comment by paragonie-security Please view or discuss this issue at https://github.com/w3c/svgwg/issues/266#issuecomment-270482690 using your GitHub account
Received on Wednesday, 4 January 2017 20:50:09 UTC