If you trust your browser it's fine, and if you don't then both CSS and SVG are significan...

lmm • today at 2:02 AM • 3 replies • view on HN

If you trust your browser it's fine, and if you don't then both CSS and SVG are significantly more risky.

margalabargala • today at 4:07 AM

This isn't true at all.

Anything SVG does maliciously, it does by containing JavaScript, so SVG's worst case is a subset of JS's.

fc417fc802 • today at 4:30 AM

Remind me again what the ratio of browser sandbox escapes coupled with full RCE is between JS, CSS, and SVG?

sysguest • today at 2:16 AM

> then both CSS and SVG are significantly more risky.

how???

alt Hacker News