Actually this is very interesting and should be fixed; not just here but in browsers, Inkscape, etc. Not to disable JS entirely, but to sanitize it. I did not realize the use case of malicious SVGs until just now... http://www.securitytube.net/video/5533
Also - http://blog.jondh.me.uk/2012/09/inkscape-xml-entity-vulnerabilities/
Someone should make a very good PHP sanitizing lib for SVGs and the problem would be solved for everyone. :)
Sounds like a neat idea. Also could throw in bitcoin bounties for added fun. :)