svg are treated the same as webpages by modern browsers. Either integrated into the dom directly, or as a sort of sub page. Not much potential for exploits you couldn’t do in html.
This should mostly be about injection, so someone else uploading a picture to a page and taking it over for other users. Just loading that image might make your account follow some profile there, or even do some action like press a share button.
But CSS and DoS would require the underlying implementation of JS to be capable of those things. Maaaaaybe you could argue DoS, but CSS should be impossible for any site properly implementing CSRF and content policy protections.
But yeah, the article isn’t very clear on what it means.
dos I could see via just provoking a ton of same domain requests in the svg, like loading a lot of images from the same domain. Then every user seeing it would take part in dosing that page.
XSS could mean data exfiltration, which should still pass most restrictions currently.
Would data exfiltration work, though? I forget exactly what the header value is, and am far too lazy to look it up right now, but I’m pretty sure there’s a standard one that lets a website define where requests should be allowed to point at. Unless they’re scraping the data themselves, but then that hardly needs malicious JS.
svg are treated the same as webpages by modern browsers. Either integrated into the dom directly, or as a sort of sub page. Not much potential for exploits you couldn’t do in html.
This should mostly be about injection, so someone else uploading a picture to a page and taking it over for other users. Just loading that image might make your account follow some profile there, or even do some action like press a share button.
That might make sense, but the article doesn’t really indicate that that is what it means.
But CSS and DoS would require the underlying implementation of JS to be capable of those things. Maaaaaybe you could argue DoS, but CSS should be impossible for any site properly implementing CSRF and content policy protections.
xss not css. css are the style sheets :)
But yeah, the article isn’t very clear on what it means.
dos I could see via just provoking a ton of same domain requests in the svg, like loading a lot of images from the same domain. Then every user seeing it would take part in dosing that page.
XSS could mean data exfiltration, which should still pass most restrictions currently.
Would data exfiltration work, though? I forget exactly what the header value is, and am far too lazy to look it up right now, but I’m pretty sure there’s a standard one that lets a website define where requests should be allowed to point at. Unless they’re scraping the data themselves, but then that hardly needs malicious JS.