Not what you’re looking for, but perhaps also interesting, there’s a comic written in CSS: https://comicss.art/
YSK: SVG files are a security risk. Be careful where you get them from and how you handle them.
Basically, an SVG can contain JavaScript. If you open an SVG in an application that can interpret the JS (e.g. a web browser) then the script will execute (just as with a malicious PDF), at which point it could download other files (malware) or perform any other function that the application has access to (creating, editing or deleting files on the hard drive) because you gave it permission to do that by opening the SVG. Effectively opening an SVG in a JS-capable application is the same as allowing a stranger to run arbitrary code on your computer. You might as well go around the Internet wearing a “please hack me” sign.
Downloading an SVG to your hard drive directly should be relatively safe, and opening it in a graphics program that does not execute JavaScript should have no risk, but viewing random SVGs in a web browser is a real hazard.
I like to use this to strip out unnecessary layers and optimise: https://svgomg.net/
Effectively opening an SVG in a JS-capable application is the same as allowing a stranger to run arbitrary code on your computer.
If your browser allows JS access or create random files, or do other arbitrary stuff, that’s an extremely shit browser.
SVGs are everywhere nowadays, from website logos, to UI elements to even the favicon.
Yup.
There’s always value in understanding risk, and in limiting it.
Do you disable JavaScript across the board? Otherwise you’re not making much sense here.
Yes, actually I use jshelter to block script and selectively allow it per website.
Isn’t opening it in a web browser same as opening random website?
Yes, and the security risks associated with JavaScript are not typically seen as significant since your filesystem is not accessible and most any other vulnerable data isn’t either for that matter
the security risks associated with JavaScript are not typically seen as significant since your filesystem is not accessible and most any other vulnerable data isn’t either for that matter
go on mate, pull the other one!
Rowhammer is unfixable, by the way, until someone invents a replacement for DRAM.
There’s some weird exception to pretty much any statement. Funny enough though
which had made Rowhammer impractically slow against web browsers.
