Libravatar (obsolete)

  1. Bug #786430
  2. Comment #14

Comment 14 for bug 786430

Revision history for this message
François Marier (fmarier) wrote :

"SVGs should not be perceived as images. [...] They are mini-programs. [...] Allowing SVG for upload == allowing HTML for upload"

https://www.owasp.org/images/0/03/Mario_Heiderich_OWASP_Sweden_The_image_that_called_me.pdf