|
|
|
|
|
|
by lioeters
2280 days ago
|
|
|
You're right, I had doubts while writing that. Aside from pre/postinstall scripts, I imagine the SVG and/or CSS files gets copied into a folder of static assets. Depending on how that's done - manual import or part of a build step; specifying file extensions or not; how assets are served, etc. - that could be "vulnerable to code coming downstream". |
|
|