Y
Hacker News
new
|
ask
|
show
|
jobs
by
thomas34298
797 days ago
JS in SVGs can be dangerous, but you can mitigate it using a CSP or by sending "Content-Disposition: attachment" so the file will be downloaded instead of being executed in your current browser context.