jpkleemans
commented
1 year ago Hi, thanks for your question. The library doesn't introduce a security concern by using dynamic paths. Client side code can only access files that are publicly available (usually all files in the /dist folder). Only at compile time it has access to "system files". So if you make sure your dist folder doesn't contain any sensitive files, you'll be fine!
This module is a life saver! However I'm curious if there is any security concern when using dynamic paths to load svg? How vite-svg-loader is preventing abuser from altering svg paths on the client side and accessing system files?