Hacker News
by auct 755 days ago
What were the vulnerabilities in your 1600 lines imgur alternative?
1 comment

https://github.com/berthubert/trifecta/blob/main/README.md#k... has a list. The most painful one for me is that I did not know .svg files can contain JavaScript that gets executed in the site context if you can get someone to click on a link to your .svg file!
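An added example, not code from trifecta or from any commenter: a Python check for the constructs that make an uploaded SVG "active" when the browser opens it as a same-origin document (script elements, on* event-handler attributes, javascript: URLs in href/xlink:href, SMIL animation elements that rewrite such attributes, and foreignObject), together with the response headers that keep a same-origin SVG scriptless even when the check misses something. The two sample SVGs are constructed for this example.

```python
"""Detect active content in an uploaded SVG and build hardening headers.

Added example for the thread; not trifecta's code. The element and
attribute lists are a conservative reading of the SVG spec, not a full
sanitizer allow-list (use a maintained sanitizer for that).
"""
import re
import xml.etree.ElementTree as ET

XLINK_NS = "http://www.w3.org/1999/xlink"

# Elements that run or embed code when the SVG is opened as a document.
ACTIVE_ELEMENTS = {"script", "foreignObject"}
# SMIL animation elements can set other attributes at runtime,
# e.g. <set attributeName="onmouseover" to="alert(1)"/>.
ANIMATION_ELEMENTS = {"set", "animate", "animateTransform", "animateMotion"}
# URL-valued attributes; a javascript: URL here runs on click or load.
URL_ATTRS = {"href", f"{{{XLINK_NS}}}href"}
# Browsers drop ASCII controls/whitespace before matching the scheme, so
# "java\tscript:" still executes; normalise the same way before checking.
_CTRL = re.compile(r"[\x00-\x20]")


def _local(name: str) -> str:
    """Strip the {namespace} prefix ElementTree puts on qualified names."""
    return name.rsplit("}", 1)[-1]


def _is_script_url(value: str) -> bool:
    return _CTRL.sub("", value).lower().startswith("javascript:")


def find_active_content(svg_bytes: bytes) -> list[str]:
    """Return findings; an empty list means nothing active was seen.

    An unparseable upload is reported as a finding too: a file you cannot
    parse is not one you can vouch for.
    """
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError as exc:
        return [f"unparseable XML: {exc}"]

    findings = []
    for el in root.iter():
        tag = _local(el.tag) if isinstance(el.tag, str) else ""
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"<{tag}> element")
        for attr, value in el.attrib.items():
            name = _local(attr)
            if name.lower().startswith("on"):          # onload, onclick, onbegin, ...
                findings.append(f"event handler {name} on <{tag}>")
            if attr in URL_ATTRS and _is_script_url(value):
                findings.append(f"javascript: URL in {name} on <{tag}>")
        if tag in ANIMATION_ELEMENTS:
            target = el.attrib.get("attributeName", "")
            # attributeName is a plain string, so "xlink:href" keeps its prefix
            if target.lower().startswith("on") or target.split(":")[-1].lower() == "href":
                findings.append(f"<{tag}> animating {target}")
    return findings


def safe_svg_headers() -> dict[str, str]:
    """Headers for serving an untrusted SVG from the site's own origin.

    'sandbox' makes the SVG document scriptless even if the scan missed a
    construct; nosniff stops Content-Type second-guessing; attachment keeps
    a direct link from rendering as a page at all (it does not affect
    <img src=...>, and SVG loaded via <img> never runs script anyway).
    """
    return {
        "Content-Type": "image/svg+xml",
        "Content-Security-Policy": "default-src 'none'; style-src 'unsafe-inline'; sandbox",
        "X-Content-Type-Options": "nosniff",
        "Content-Disposition": "attachment",
    }


# Constructed samples for the example.
BENIGN_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">
  <circle cx="5" cy="5" r="4" fill="#09f"/>
</svg>"""

MALICIOUS_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" onload="alert(document.domain)">
  <script>alert(document.cookie)</script>
  <a xlink:href="java&#9;script:alert(1)"><text y="10">click</text></a>
  <set attributeName="onmouseover" to="alert(1)"/>
</svg>"""

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_SVG), ("malicious", MALICIOUS_SVG)):
        print(label, find_active_content(doc) or "clean")
    print(safe_svg_headers())
```

The scan is a gate, not a sanitizer: the durable fix for a site that hosts user files is to never let them render as same-origin documents (the headers above, or a separate origin for uploads), with the scan as a second layer. Note that xml.etree does not defend against entity-expansion bombs, so cap the upload size or parse with defusedxml in production.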
That's one of the reasons SVG is often a third-party plug-in with WordPress; it's because of all the security involved.
CSP would help against that. But at that time Alpine.js was incompatible with CSP...

Anyone tried using the new CSP Alpine.js build?

https://laravel-news.com/alpinejs-csp