Author Archives: Nokosi Pow

Preventing XSS in SVG

Posted on January 16, 2017 by Nokosi Pow

Currently assessing an application, I found out that it is possible to submit an SVG fill containing Javascript (the app is also vulnerable to XXE). I wondered if there was a method to prevent those vulnerabilities and secure… Continue reading Preventing XSS in SVG→

Posted in javascript, obfuscation, svg, xss, xxe

How to prevent XSS in SVG file upload?

Posted on January 16, 2017 by Nokosi Pow

Currently assessing an application, I found out that it is possible to submit an SVG file containing JavaScript (the app is also vulnerable to XXE). I wondered if there was a method to prevent those vulnerabilities and secure… Continue reading How to prevent XSS in SVG file upload?→

Posted in file-upload, javascript, svg, xss | Tagged Image