"SVGs should not be perceived as images. [...] They are mini-programs. [...] Allowing SVG for upload == allowing HTML for upload"
https://www.owasp.org/images/0/03/Mario_Heiderich_OWASP_Sweden_The_image_that_called_me.pdf
"SVGs should not be perceived as images. [...] They are mini-programs. [...] Allowing SVG for upload == allowing HTML for upload"
https:/ /www.owasp. org/images/ 0/03/Mario_ Heiderich_ OWASP_Sweden_ The_image_ that_called_ me.pdf