by ahubert 758 days ago
https://github.com/berthubert/trifecta/blob/main/README.md#k... has a list. The most painful one for me is that I did not know .svg files can contain JavaScript that gets executed in the site context if you can get someone to click on a link to your .svg file!
2 comments

That's one of the reasons SVG is often a third-party plug-in with WordPress; it's because of all the security involved.
CSP would help against that. But at that time alpine.js was incompatible with CSP...

Anyone tried using the new CSP alpine.js build?

https://laravel-news.com/alpinejs-csp
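
The defence discussed in this thread, as an added example that is not from the thread or from the trifecta project: a Python check that flags script-capable content in an uploaded SVG, plus response headers that keep scripts from running if the file is opened directly. The function names, the header policy and the two sample files are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Assumed policy for serving user-uploaded SVG: the CSP blocks script execution
# even when the file is opened as a top-level document in the site's origin.
SAFE_SVG_HEADERS = {
    "Content-Type": "image/svg+xml",
    "Content-Security-Policy": "default-src 'none'; style-src 'unsafe-inline'; sandbox",
    "X-Content-Type-Options": "nosniff",
    "Content-Disposition": "attachment",
}
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}

# Constructed sample inputs (not taken from the thread).
BENIGN = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'
SCRIPTED = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="init()">'
            b'<script>init=function(){}</script>'
            b'<a href="javascript:void(0)"><circle r="4"/></a></svg>')

def local(name):
    """Strip an XML namespace and lowercase: '{ns}script' -> 'script'."""
    return name.rsplit("}", 1)[-1].lower()

def find_active_content(svg_bytes):
    """Return the reasons this SVG should not be served inline (empty if none)."""
    upper = svg_bytes.upper()
    if b"<!DOCTYPE" in upper or b"<!ENTITY" in upper:
        return ["DTD or entity declaration"]  # refuse before parsing
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError:
        return ["not well-formed XML"]
    findings = []
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"<{tag}> element")
        for attr, value in el.attrib.items():
            name = local(attr)
            if name.startswith("on"):
                findings.append(f"{name} handler on <{tag}>")
            elif name == "href" and "".join(value.split()).lower().startswith("javascript:"):
                findings.append(f"href with javascript: URL on <{tag}>")
    return findings
```

The scan is a pre-upload filter; the headers are what still protects the site when a file slips past it.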