DEV Community


Discussion on: Benefits of SVG

Jan Küster

Please add that SVG can validly contain inline JavaScript and thus implies an XSS vulnerability if you allow your users to upload SVGs that are then displayed to other users. All SVGs that can be uploaded should therefore have the script tag stripped.
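The upload check described in the comment above, as an added example that is not part of the original discussion. It goes beyond the `script` tag to cover event-handler attributes and script URLs in links, which also run JavaScript in an SVG. The blocklist, the URL allowlist and the names `sanitize_svg` and `SAMPLE` are assumptions of this sketch.

```python
import xml.etree.ElementTree as ET

ET.register_namespace("", "http://www.w3.org/2000/svg")
ET.register_namespace("xlink", "http://www.w3.org/1999/xlink")

# Blocklist assumed for this example: elements that run script or embed foreign markup.
BLOCKED_ELEMENTS = {"script", "foreignobject", "iframe", "object", "embed"}
SAFE_URL_PREFIXES = ("#", "http://", "https://")


def local(name):
    """Drop the '{namespace}' prefix ElementTree puts on tag and attribute names."""
    return name.rsplit("}", 1)[-1].lower()


def is_blocked(el):
    tag = local(el.tag)
    if tag in BLOCKED_ELEMENTS:
        return True
    # SMIL animation can rewrite a link target to a script URL after load.
    return tag in {"animate", "set"} and el.get("attributeName", "").lower().endswith("href")


def sanitize_svg(data: bytes) -> str:
    text = data.decode("utf-8")  # strict: uploads in other encodings are rejected
    if "<!DOCTYPE" in text.upper():
        raise ValueError("DOCTYPE declarations are not accepted")
    root = ET.fromstring(text)
    if local(root.tag) != "svg":
        raise ValueError("root element is not <svg>")
    for parent in list(root.iter()):
        for child in list(parent):
            if is_blocked(child):
                parent.remove(child)
    for el in root.iter():
        for name in list(el.attrib):
            key, value = local(name), el.attrib[name].strip().lower()
            is_handler = key.startswith("on")  # onload, onclick, ...
            is_bad_url = key in {"href", "src"} and not value.startswith(SAFE_URL_PREFIXES)
            if is_handler or is_bad_url:
                del el.attrib[name]
    return ET.tostring(root, encoding="unicode")


# Constructed sample upload, not taken from the discussion.
SAMPLE = b"""<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" onload="alert(1)">
  <script>alert(document.cookie)</script>
  <a xlink:href="javascript:alert(1)"><circle r="5" onclick="alert(2)"/></a>
  <use href="#shape"/>
</svg>"""
```

Displaying uploads through `<img>` rather than inline or as a top-level document adds a second layer, since browsers do not run scripts in an SVG loaded as an image.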

Alexi Taylor 🐶 Author

Thank you for pointing this out. I added it to the "updates" section.