Questions tagged [svg]

An XML-based vector image format for two-dimensional graphics with support for interactivity and animation.

21 questions
16 votes, 2 answers

Why does this XSS vector work in svg but not in HTML?

Why does this vector : works in http://jsfiddle.net/ZgPY4/2/ and this one doesn't. How is making it work?
Daniel
12 votes, 2 answers

How to prevent XSS in SVG file upload?

Currently assessing an application, I found out that it is possible to submit an SVG file containing JavaScript (the app is also vulnerable to XXE). I wondered if there was a method to prevent those vulnerabilities and secure the SVG submission…
Nokosi Pow
9 votes, 2 answers

Is there a way to execute XSS in an HTML img tag with SVG?

Is there a working technique to execute XSS in modern browsers using a SVG file displayed on a web page with an tag? I know a way to execute without