Is there somebody who has a SVG policy to merge into an existing one?
I started writing something like the following. Any thoughts on what to exclude to make it safer? For the moment I removed the "script" element and the attributes "crossorigin", "ping" and all attributes starting with "on".
Perhaps this is a policy that could be added since SVG can mixed with HTML.
Is there somebody who has a SVG policy to merge into an existing one?
I started writing something like the following. Any thoughts on what to exclude to make it safer? For the moment I removed the "script" element and the attributes "crossorigin", "ping" and all attributes starting with "on".
Perhaps this is a policy that could be added since SVG can mixed with HTML.