mvdbeek
commented
5 years ago Correct, they should be detected as xml. Would this be a feature request then ? We can sniff them to SVG, but we probably shouldn't display due to possible XSS attacks.
Open ThomasWollmann opened 5 years ago
mvdbeek
commented
5 years ago Correct, they should be detected as xml. Would this be a feature request then ? We can sniff them to SVG, but we probably shouldn't display due to possible XSS attacks.
ThomasWollmann
commented
5 years ago I agree that this can face security issues. Maybe one of the solutions in https://digi.ninja/blog/svg_xss.php is suitable for us?
When uploading SVGs they are always detected as some other dataformat.