Hello, On Wed, Oct 20, 2010 at 3:59 PM, Jennifer Yu <Jennifer.Yu@microsoft.com>wrote: > If I want to treat SVG like another image format and allow users to > upload SVG images to my server, is there currently any way to prevent script > inside the uploaded SVG from executing? > The best way to do this is to white-list elements and attributes you want to allow on your site. This means parsing and re-serialization. We have an example of a whitelist in SVG-edit. I've been meaning to pull that out into a separate JS module. Thanks, > > Jen > Regards, JeffReceived on Thursday, 21 October 2010 02:56:45 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:54:29 UTC