I’m not an expert in cyber security and exploits. I need help figuring out if my app is vulnerable and in what way. Let’s assume I’m an idiot (and I’m not to this extent), and I leave the possibility for client users to upload (exploiting my front end) any file they want on my server i…
Tag: code-injection
Is there any way to make user-uploaded SVG images safe from code injection etc.?
I want to display user-uploaded SVG images on a website, but they’re quite open to exploits: https://security.stackexchange.com/questions/11384/exploits-or-other-security-risks-with-svg-upload https://security.stackexchange.com/questions/36447/img-tag-vulnerability For example, arbitrary JavaScript can …