Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
M
M
Marty McFly2017-09-06 12:06:27
PHP
Marty McFly, 2017-09-06 12:06:27

How to safely upload SVG to a website?

It is necessary to add the ability for users to upload SVG images to the site. Is there any way to safely load SVG so that malicious code cannot be embedded in it?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
S
Sergey Sokolov, 2017-09-06
@alex_shevch

"Big Uncles" host SVGs uploaded by users on a separate (sub)domain.
For example, wikipedia keeps them on upload.wikimedia.org
whatever script is embedded in the downloadable SVG, executing it won't do anything for the villain, because The Same Origin Policy of browsers keeps it in a separate sandbox and does not allow access to the content and cookies of the main site.

Report
4
4iloveg, 2017-09-06
@4iloveg

Try parsing the loaded svg for non-standard svg code. And when it is found, stop uploading to the site.

Similar questions
G
GRO242019-08-30 15:23:29
Why doesn't Bootstrap 4 align blocks? 2Reply
S
Steve2022-01-20 23:47:23
How to hide the real path to css? 3Reply
A
Astral1004982020-09-25 14:08:44
How to clear a tab from a line? 2Reply
R
Rustam Akhmetov2016-06-27 10:05:19
How to speed up cms Moodle? 4Reply
A
Artem Gvozdev2018-11-28 11:53:31
Using the weather API? 3Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question