Caleb James DeLisle on Nostr: Yes. A malicious SVG in an <img> tag won't hurt you. The browser makers thought ahead ...
Yes. A malicious SVG in an <img> tag won't hurt you. The browser makers thought ahead on that one, but don't use an <svg> tag!
And yes, if you open it in a new tab, there's no defense except CSP.
Published at
2023-09-07 18:32:26Event JSON
{
"id": "ce4b952e86764a99d0b1cb0209cdedbf7d55f8d22d4f334bc90665cb7d376f07",
"pubkey": "dde9dd6efbaf3c747c06bfd60f732666acd686e4c2eff471937f0c7c5fca5e0e",
"created_at": 1694111546,
"kind": 1,
"tags": [
[
"p",
"79c2cae114ea28a981e7559b4fe7854a473521a8d22a66bbab9fa248eb820ff6",
"wss://relay.mostr.pub"
],
[
"e",
"a32055317caa5a46f43afc8835a9cd52ad962e349d8ba2a760cad44b6ba05610",
"wss://relay.mostr.pub",
"reply"
],
[
"proxy",
"https://pkteerium.xyz/objects/7ca1f9f4-a51e-4f3e-8046-3f77f08dc9ed",
"activitypub"
]
],
"content": "Yes. A malicious SVG in an \u003cimg\u003e tag won't hurt you. The browser makers thought ahead on that one, but don't use an \u003csvg\u003e tag!\n\nAnd yes, if you open it in a new tab, there's no defense except CSP.\n\nhttps://pkteerium.xyz/media/8118c36633af6c350d8d58dd9a8bc888167524d80fb5e52036ad3d1ccd4e3e55.png",
"sig": "c879f2094cb76b4de6310dc9d76e9e2373b8e9547f4fb0b2ec3e29acb4483ba4e5bd7e6eb2af5ef39c616bbed15ab3fbe07863a608cfa870580dfec2daf1a5ff"
}
