[svgwg] Disallow inline <script> in SVG (#829)

steve-mills has just created a new issue for https://github.com/w3c/svgwg:

== Disallow inline <script> in SVG ==
SVG is the best 2D vector format we currently have; however, .svg upload/display is not supported by several environments due to the potential for malicious code.

Unsupported environments include:
- Some email platforms (including Gmail),
- Facebook feed/profile pictures,
- Twitter feed/profile pictures,
- Numerous others.

Maybe if further measures were taken to prevent SVG being an attack vector, more vendors would have support for SVG and use of SVG would be more widespread.

I am not a security expert, so I cannot make any recommendations.

Please consider this proposal.




Please view or discuss this issue at https://github.com/w3c/svgwg/issues/829 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Monday, 1 March 2021 06:27:06 UTC