Hacker News
by mbq 4893 days ago
_Arbitrary_ SVG is a security/privacy problem -- it may inject JS or exploit quirks in rendering to manipulate site contents, import external images and fonts, or simply be a render bomb. And it is hard to filter out those problems.
1 comment

You could just have a dedicated domain for it; then there's no risk of XSS. It's doable, but it would be rather fragile.

The render bomb point is a little trickier, as you can use some detailed filters to crash most browsers. Heck, even a single simple shape will crash any version of iOS.
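The two comments above describe the problem (script, event handlers, `javascript:` URLs and external image/font fetches hidden in an uploaded SVG) and the usual mitigation (serve user content from a dedicated origin). The Node.js example below is added by the editor and is not code from either commenter: `findSvgHazards` is a deliberately simple start-tag scanner that flags those constructs, including the entity-encoded and whitespace-split spellings of `javascript:` that naive filters miss, and `uploadResponseHeaders` returns the headers you would send from the separate upload origin so that anything the scanner overlooks still cannot touch the main site. The element and attribute lists, the origin name and both sample SVGs are assumptions constructed for the demo, not a complete allow-list.

```javascript
// Added example, not from the HN thread. Heuristic scanner for the SVG hazards the
// first comment lists, plus the response headers for a dedicated upload origin as the
// reply suggests. Element/attribute lists and sample documents are assumptions.
const DANGEROUS_ELEMENTS = new Set(['script', 'foreignobject', 'iframe', 'object', 'embed']);
const URL_ATTRS = new Set(['href', 'xlink:href', 'src']);

// Minimal XML entity decoding so "&#x6a;avascript:" is seen as "javascript:".
function decodeEntities(s) {
  return s
    .replace(/&#x([0-9a-f]+);/gi, (_, h) => String.fromCodePoint(parseInt(h, 16)))
    .replace(/&#(\d+);/g, (_, d) => String.fromCodePoint(parseInt(d, 10)))
    .replace(/&lt;/g, '<').replace(/&gt;/g, '>').replace(/&quot;/g, '"')
    .replace(/&apos;/g, "'").replace(/&amp;/g, '&');
}

// Browsers ignore ASCII controls/whitespace inside a scheme ("java\tscript:"), so strip them.
function normalizeUrl(v) {
  return decodeEntities(v).replace(/[\u0000-\u0020]/g, '').toLowerCase();
}

// A fragment (#id) or data: URL stays inside the file; anything else causes a network fetch.
function isFetch(url) {
  return url !== '' && !url.startsWith('#') && !url.startsWith('data:');
}

function findSvgHazards(svg) {
  const findings = [];
  const tagRe = /<\s*([A-Za-z][\w:.-]*)([^>]*?)\/?>/g;                   // start tags only
  const attrRe = /([\w:.-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g; // name="v" | name='v' | name=v
  let m;
  while ((m = tagRe.exec(svg)) !== null) {
    const name = m[1].toLowerCase();
    if (DANGEROUS_ELEMENTS.has(name)) findings.push(`element <${m[1]}>`);
    let a;
    while ((a = attrRe.exec(m[2])) !== null) {
      const attr = a[1].toLowerCase();
      const value = a[2] ?? a[3] ?? a[4] ?? '';
      if (attr.startsWith('on')) { findings.push(`event handler ${attr}`); continue; }
      const url = normalizeUrl(value);
      if (url.startsWith('javascript:')) findings.push(`javascript: URL in ${attr}`);
      else if (URL_ATTRS.has(attr) && isFetch(url)) findings.push(`external fetch via ${attr}=${value}`);
    }
  }
  // <style> blocks: @import and url() pull in external stylesheets, fonts and images.
  const styleRe = /<style[^>]*>([\s\S]*?)<\/style>/gi;
  while ((m = styleRe.exec(svg)) !== null) {
    const css = m[1];
    if (/@import/i.test(css)) findings.push('@import in <style>');
    const urlRe = /url\(\s*['"]?([^'")]+)/gi;
    let u;
    while ((u = urlRe.exec(css)) !== null) {
      if (isFetch(normalizeUrl(u[1]))) findings.push(`external fetch via CSS url(${u[1]})`);
    }
  }
  return findings;
}

// Headers for the dedicated upload origin (assumed name: usercontent.example). Even if the
// scanner misses something, script runs only in that throwaway origin; the CSP `sandbox`
// directive additionally gives a directly opened SVG an opaque origin with scripting off,
// and `default-src 'none'` blocks external image/font fetches when it is loaded as a document.
function uploadResponseHeaders() {
  return {
    'Content-Type': 'image/svg+xml',
    'X-Content-Type-Options': 'nosniff',
    'Content-Security-Policy': "default-src 'none'; style-src 'unsafe-inline'; sandbox",
  };
}

// Constructed samples: a harmless icon and an upload that uses every trick listed above.
const CLEAN_SVG = '<svg xmlns="http://www.w3.org/2000/svg"><circle cx="5" cy="5" r="4" fill="#f00"/></svg>';
const EVIL_SVG =
  '<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)">' +
  '<script>alert(2)</script>' +
  '<a href="&#x6a;avascript:alert(3)"><text>x</text></a>' +
  '<image xlink:href="https://tracker.example/p.png"/>' +
  '<style>@import url(https://fonts.example/f.css);</style>' +
  '</svg>';

console.log('clean:', findSvgHazards(CLEAN_SVG));
console.log('evil :', findSvgHazards(EVIL_SVG));
console.log('headers:', uploadResponseHeaders());
```

The scanner is the kind of filter mbq calls hard to get right: it has no idea about CSS in `style` attributes, `<animate>` rewriting `href`, or any construct not in its two small sets, which is exactly why the serving origin, not the filter, should be what stands between an upload and the main site's cookies.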