
Tag: code-injection

Is there any way to make user uploaded SVG images safe from code injection etc?

I want to display user uploaded SVG images on a website, but they’re quite open to exploits: https://security.stackexchange.com/questions/11384/exploits-or-other-security-risks-with-svg-upload https://security.stackexchange.com/questions/36447/img-tag-vulnerability For example, arbitrary JavaScript can be embedded in SVG. There are also issues with performance exploits, but I’d consider those lower priority. Is there any mechanism to make SVG somewhat safe and only use it as an image? Can I simply trust
