goldmark

mirror of https://github.com/yuin/goldmark synced 2025-03-04 23:04:52 +00:00

History

Vincent Bernat fc877ab357 renderer: image/svg is also safe When used in an image context, SVG cannot execute scripts, be styled or fetch additional resources. So, they are as safe as other formats. When used in a `<a>` tag, it could starts executing JS, but only in its own context, so it shouldn't be dangerous either. This raises the question on which image format is dangerous.	2022-04-03 23:34:20 +02:00
..
html.go	renderer: image/svg is also safe	2022-04-03 23:34:20 +02:00

Vincent Bernat fc877ab357 renderer: image/svg is also safe

When used in an image context, SVG cannot execute scripts, be styled
or fetch additional resources. So, they are as safe as other formats.

When used in a `<a>` tag, it could starts executing JS, but only in
its own context, so it shouldn't be dangerous either.

This raises the question on which image format is dangerous.

2022-04-03 23:34:20 +02:00

html.go

renderer: image/svg is also safe

2022-04-03 23:34:20 +02:00