mstone / atlas

an experimental wiki intended to explore low-latency search, editing, and mapping of the kinds of boundary objects found in complex sociotechnical systems
BSD 3-Clause "New" or "Revised" License

svg-edit XSS? #1

Open mstone opened 10 years ago

mstone commented 10 years ago

There are lots of ways to include JavaScript in SVG but atlas does not yet make any attempt to protect its users from dangerous SVG.

(For what it's worth, this will almost certainly require parsing and whitelisting to fix, given the diversity of known JS inclusion paths including script elements, via CSS, via XInclude, and probably via svg:image.)

zenhack commented 9 years ago

The python feedparser library's whitelist might provide a good starting point: http://pythonhosted.org/feedparser/html-sanitization.html
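
The two comments above describe the shape of a fix (parse, then whitelist) without showing one, so here is a worked sanitizer as an added example. It is not atlas code and it is not feedparser's HTML whitelist, just the same idea applied to SVG: parse the document, rebuild it from a whitelist of elements and attributes, drop every event handler, drop `<script>`/`<style>`/the `style` attribute wholesale (CSS can pull in scripts via `url()`), drop anything outside the SVG namespace (which is where `xi:include` lives), and only let `href`/`xlink:href` point at an in-document fragment or a raster `data:` image. The element and attribute lists, the `sanitize_svg`/`safe_href` names and the `HOSTILE_SVG` sample are all assumptions made for this example; the sample is constructed to exercise each inclusion path named in the issue.

```python
"""Whitelist-based SVG sanitizer (added example, not atlas code).

Policy: keep only known-safe SVG elements and attributes, drop everything
else, and only let hrefs point at in-document fragments or raster data: URIs.
Uses the stdlib parser; for untrusted input in production swap in defusedxml
to also cover entity-expansion (billion laughs) attacks, which this does not.
"""
import re
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_NS = "http://www.w3.org/1999/xlink"

ET.register_namespace("", SVG_NS)
ET.register_namespace("xlink", XLINK_NS)

# Hypothetical policy chosen for this example; tune it for the drawings the
# wiki actually needs. Note what is *absent*: script, style, foreignObject,
# a, set/animate, and anything in a non-SVG namespace (e.g. xi:include).
ALLOWED_ELEMENTS = {
    "svg", "g", "defs", "title", "desc", "path", "rect", "circle", "ellipse",
    "line", "polyline", "polygon", "text", "tspan", "use", "image",
}
ALLOWED_ATTRS = {
    "id", "class", "x", "y", "width", "height", "viewBox", "preserveAspectRatio",
    "d", "cx", "cy", "r", "rx", "ry", "x1", "y1", "x2", "y2", "points",
    "fill", "stroke", "stroke-width", "opacity", "transform",
    "font-size", "font-family", "text-anchor",
}
# Raster data: URIs only; data:image/svg+xml would smuggle a nested, scriptable SVG.
SAFE_DATA_URI = re.compile(r"^data:image/(png|jpeg|gif);base64,[a-z0-9+/=]+$", re.I)


def _split(qname):
    """ET spells namespaced names as '{uri}local'; return (uri or None, local)."""
    if qname.startswith("{"):
        uri, local = qname[1:].split("}", 1)
        return uri, local
    return None, qname


def safe_href(value):
    """Allow fragment references (#id) and raster data: URIs, nothing else.

    Control characters and whitespace are removed first because browsers
    ignore them inside a URL scheme ('java\\nscript:' still runs).
    """
    v = re.sub(r"[\x00-\x20\x7f]", "", value)
    return v.startswith("#") or SAFE_DATA_URI.match(v) is not None


def _sanitize(elem, report):
    ns, local = _split(elem.tag)
    if ns not in (None, SVG_NS) or local not in ALLOWED_ELEMENTS:
        report.append(f"dropped element <{local}>")
        return None  # whole subtree goes, including e.g. a script body
    clean = ET.Element(elem.tag)
    for key, value in elem.attrib.items():
        ans, name = _split(key)
        if name.lower().startswith("on"):  # onload, onclick, ... on any element
            report.append(f"dropped event handler {name} on <{local}>")
        elif name == "href" and ans in (None, XLINK_NS):
            if safe_href(value):
                clean.set(key, value)
            else:
                report.append(f"dropped unsafe href {value!r} on <{local}>")
        elif ans is None and name in ALLOWED_ATTRS:
            clean.set(key, value)  # serializer escapes the value on output
        else:
            report.append(f"dropped attribute {name} on <{local}>")
    clean.text = elem.text  # plain character data, escaped on output
    for child in elem:
        child_clean = _sanitize(child, report)
        tail = child.tail or ""
        if child_clean is not None:
            child_clean.tail = tail
            clean.append(child_clean)
        elif len(clean):  # keep the text that followed a dropped node
            clean[-1].tail = (clean[-1].tail or "") + tail
        else:
            clean.text = (clean.text or "") + tail
    return clean


def sanitize_svg(svg_text):
    """Return (sanitized SVG string, list of what was removed).

    Anything whose root is not svg:svg is rejected outright rather than
    guessed at.
    """
    root = ET.fromstring(svg_text)
    if _split(root.tag) != (SVG_NS, "svg"):
        raise ValueError("root element is not svg:svg")
    report = []
    clean = _sanitize(root, report)
    return ET.tostring(clean, encoding="unicode"), report


# Constructed hostile sample covering the inclusion paths named in the issue:
# a <script> element, an event attribute, CSS with url(), xi:include, and
# <image>/<use> hrefs pointing at javascript:, a nested SVG and a remote host.
HOSTILE_SVG = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink"
     xmlns:xi="http://www.w3.org/2001/XInclude" onload="alert(1)">
  <script>alert(2)</script>
  <style>rect { background: url("javascript:alert(3)") }</style>
  <xi:include href="file:///etc/passwd" parse="text"/>
  <image xlink:href="java&#10;script:alert(4)" width="10" height="10"/>
  <image href="data:image/svg+xml;base64,PHN2Zy8+" width="10" height="10"/>
  <use xlink:href="https://evil.example/sprite.svg#x"/>
  <defs><rect id="box" width="5" height="5"/></defs>
  <use xlink:href="#box"/>
  <rect width="10" height="10" fill="red" style="fill:url(http://evil.example/a.svg)"/>
  <text x="1" y="1">hello &lt;b&gt;world&lt;/b&gt;</text>
</svg>"""

if __name__ == "__main__":
    out, removed = sanitize_svg(HOSTILE_SVG)
    print(out)
    print("\n".join(removed))
```

The whitelist is deliberately the only place policy lives: a new scripting vector (a future element, an attribute nobody thought of) is blocked by default because it is not on the list, which is the property a blacklist of known-bad tags can never give you. Two things the example leaves out on purpose and that a real deployment still needs: an entity-safe parser (defusedxml or equivalent) in front of this, and serving the result with a Content-Security-Policy so that anything the whitelist gets wrong is still contained.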