DevUtils-app icon indicating copy to clipboard operation
DevUtils-app copied to clipboard

Published 20 hours ago verified publisher icon DevUtilsApp

Feature idea: SVG Hush

Open jools-r opened this issue 2 years ago • 1 comments

It’s early days yet, but might SVG Hush be a good match for DevUtils?

https://github.com/cloudflare/svg-hush

The goal of this tool is to make arbitrary SVG files as benign and safe to serve as images in other common Web file formats. SVG files aren't just images, they're documents with full access to all HTML and JavaScript features. This tool filters SVG files to remove use of any potentially risky features.

  • Removes scripting. Prevents SVG files from being used for cross-site scripting attacks. Although browsers don't allow scripts in , they do allow scripting when SVG files are opened directly as a top-level document.
  • Removes hyperlinks to other documents. Makes SVG files less attractive for SEO spam and phishing.
  • Removes references to cross-origin resources. Stops 3rd parties from tracking who is viewing the image.

jools-r avatar Aug 02 '22 15:08 jools-r

This makes sense. Noted 😄

trungdq88 avatar Aug 03 '22 03:08 trungdq88