this post was submitted on 09 Aug 2025
68 points (95.9% liked)
Privacy
3893 readers
138 users here now
Welcome! This is a community for all those who are interested in protecting their privacy.
Rules
PS: Don't be a smartass and try to game the system, we'll know if you're breaking the rules when we see it!
- Be civil and no prejudice
- Don't promote big-tech software
- No apathy and defeatism for privacy (i.e. "They already have my data, why bother?")
- No reposting of news that was already posted
- No crypto, blockchain, NFTs
- No Xitter links (if absolutely necessary, use xcancel)
Related communities:
Some of these are only vaguely related, but great communities.
- !opensource@programming.dev
- !selfhosting@slrpnk.net / !selfhosted@lemmy.world
- !piracy@lemmy.dbzer0.com
- !drm@lemmy.dbzer0.com
founded 10 months ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
svg are treated the same as webpages by modern browsers. Either integrated into the dom directly, or as a sort of sub page. Not much potential for exploits you couldn't do in html.
This should mostly be about injection, so someone else uploading a picture to a page and taking it over for other users. Just loading that image might make your account follow some profile there, or even do some action like press a share button.
That might make sense, but the article doesn't really indicate that that is what it means.
xss not css. css are the style sheets :)
But yeah, the article isn't very clear on what it means.
dos I could see via just provoking a ton of same domain requests in the svg, like loading a lot of images from the same domain. Then every user seeing it would take part in dosing that page.
XSS could mean data exfiltration, which should still pass most restrictions currently.