M
M
Marty McFly2017-09-06 12:06:27
PHP
Marty McFly, 2017-09-06 12:06:27

How to safely upload SVG to a website?

It is necessary to add the ability for users to upload SVG images to the site. Is there any way to safely load SVG so that malicious code cannot be embedded in it?

Answer the question

In order to leave comments, you need to log in

2 answer(s)
S
Sergey Sokolov, 2017-09-06
@alex_shevch

"Big Uncles" host SVGs uploaded by users on a separate (sub)domain.
For example, wikipedia keeps them on upload.wikimedia.org
whatever script is embedded in the downloadable SVG, executing it won't do anything for the villain, because The Same Origin Policy of browsers keeps it in a separate sandbox and does not allow access to the content and cookies of the main site.

4
4iloveg, 2017-09-06
@4iloveg

Try parsing the loaded svg for non-standard svg code. And when it is found, stop uploading to the site.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question