[svgwg] Help needed: Which SVG elements/attributes should be included in the default Sanitizer config (#981)

evilpie has just created a new issue for https://github.com/w3c/svgwg:

== Help needed: Which SVG elements/attributes should be included in the default Sanitizer config ==
The [Sanitizer API](https://github.com/WICG/sanitizer-api) aims to mitigate the risk of DOM-based cross-site scripting attacks. We would like to invite you to provide us with a list of elements and attributes that are safe and should be included in the default allow list. When coming up with the list of HTML elements/attributes we have often gone with the most minimal useful set. This means no unsafe elements (`script`), no legacy/deprecated elements and no styling related attributes like `style`.

As an inspiration, I would suggest looking at the list provided to us by the MathML WG: https://github.com/WICG/sanitizer-api/pull/250 (discussed in https://github.com/WICG/sanitizer-api/issues/103).

We have an open question about `overflow` in SVG as well, which could also use your input: https://github.com/WICG/sanitizer-api/issues/295.

Please view or discuss this issue at https://github.com/w3c/svgwg/issues/981 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 11 June 2025 09:14:39 UTC