I’m not an expert in cyber security and exploits. I need help figuring out if my app is vulnerable and in what way. Let’s assume I’m an idiot (and I’m not to this extent), and I leave the possibility for client users to upload (exploiting my front end) any file they want on my server in a subfolder (let’s call
Tag: code-injection
Is there any way to make user uploaded SVG images safe from code injection etc?
I want to display user-uploaded SVG images on a website, but they’re quite open to exploits: https://security.stackexchange.com/questions/11384/exploits-or-other-security-risks-with-svg-upload https://security.stackexchange.com/questions/36447/img-tag-vulnerability For example, arbitrary JavaScript can be embedded in SVG. There are also issues with performance exploits, but I’d consider those lower priority. Is there any mechanism to make SVG somewhat safe and only use it as an image? Can I simply trust