Re: auto redirect to url using svg tag ? from Gerald Oskoboiny on 2023-07-18 (public-website-redesign@w3.org from July 2023)

From: Gerald Oskoboiny <gerald@w3.org>
Date: Tue, 18 Jul 2023 14:50:15 -0700
To: pierre@highharbor.net
Cc: public-website-redesign@w3.org
Message-ID: <ZLcJFxJXEuUhujdR@w3.org>

Hi Pierre,

* pierre@highharbor.net <pierre@highharbor.net> [2023-07-07 12:15+0200]
>
>Hello,
>
>Please check this mailicious code I've received in a browser (I 
>tested in Firefox). I haven't found documentation about this 
>capability within svg code.

This seems to be using the onerror event handler to redirect to 
another URL. Can you say why you think this is malicious? There 
are lots of ways to cause redirects from web pages. Is there 
something about this method that makes it a security issue?

Thanks

-- 
Gerald Oskoboiny <gerald@w3.org>
http://www.w3.org/People/Gerald/
tel:+1-604-906-1232 (mobile)

Received on Tuesday, 18 July 2023 21:50:21 UTC