Is it safe to allow CSS filter: url(data:<SVG SOURCE HERE>)?
We have a web service where logged in users can create web page content and write custom CSS for their pages. All the HTML goes through a whitelist parser and doesn’t allow any executable content. All the CSS is put through a whitelist par… Continue reading Is it safe to allow CSS filter: url(data:<SVG SOURCE HERE>)?