XSS using SVG: Is AllowScriptAccess attribute ignored?
I was experimenting with some Anti-XSS solutions, and during my research, I found following the XSS vector in a cheatsheet:
<EMBED SRC=”data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dH A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIi… Continue reading XSS using SVG: Is AllowScriptAccess attribute ignored?