DEV Community


Discussion on: Benefits of SVG

Jan Küster

Please add that SVG can validly contain inline JavaScript and thus implies an XSS vulnerability if you allow your users to upload SVGs that are then displayed to other users. All SVGs that can be uploaded should therefore strip the script tag.

Alexi Taylor 🐶 Author

Thank you for pointing this out. I added it to the "updates" section.
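
An added example, not part of the original discussion or the article: one way to apply the stripping suggested in the first comment to an uploaded SVG before it is stored. It goes beyond the `script` tag and also removes event-handler attributes and non-local `href`/`src` values, since those are other places an SVG can carry JavaScript. The function name `sanitize_svg` and the sample upload are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
# Serialize with the usual prefixes instead of ns0:, ns1:.
ET.register_namespace("", SVG_NS)
ET.register_namespace("xlink", "http://www.w3.org/1999/xlink")

# Elements that run script or embed foreign content; removed with their subtree.
BLOCKED = {"script", "foreignobject", "iframe", "object", "embed"}

def local(name):
    """Drop the '{namespace}' prefix ElementTree puts on names; lowercase it."""
    return name.rsplit("}", 1)[-1].lower()

def sanitize_svg(data: bytes) -> bytes:
    """Return the SVG without script-capable content; ValueError if rejected."""
    # Byte-level check, so it assumes an ASCII-compatible encoding such as UTF-8.
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        raise ValueError("DTDs and entity declarations are not accepted")
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        raise ValueError(f"not well-formed XML: {exc}") from None
    if root.tag != f"{{{SVG_NS}}}svg":
        raise ValueError("root element is not an SVG <svg>")
    for elem in list(root.iter()):
        for child in list(elem):
            if local(child.tag) in BLOCKED:
                elem.remove(child)
        for attr, value in list(elem.attrib.items()):
            name = local(attr)
            if name.startswith("on"):        # onclick, onload, ...
                del elem.attrib[attr]
            elif name in ("href", "src") and not value.strip().startswith("#"):
                del elem.attrib[attr]        # keep same-document references only
    return ET.tostring(root)

# Constructed sample upload, not taken from the page.
SAMPLE = b"""<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink">
  <script>alert(1)</script>
  <circle r="5" fill="red" onclick="alert(2)"/>
  <a xlink:href="javascript:alert(3)"><text>t</text></a>
  <use href="#shape"/>
</svg>"""

if __name__ == "__main__":
    print(sanitize_svg(SAMPLE).decode())
```

This filter covers the constructs named above and is not a complete SVG sanitizer; serving uploads from a separate origin or under a restrictive Content-Security-Policy limits what anything it misses can do.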