Anything from <img> in any browser?

On Wed, May 16, 2012 at 2:25 AM, Michele Orru <[email protected]> wrote:
> Mario Heiderich did a lot of research on that, he found so many bugs
> that allowed to embed Javascript in SVG images.
>
> Nice stuff Nick btw,
>
> Cheers
> antisnatchor
>
> On Wed, May 16, 2012 at 10:13 AM, Dan Kaminsky <[email protected]> wrote:
> > Yeah, there's a bunch of wild stuff in SVG. The browsers ignore most of
> > it, AFAIK. I think Firefox is the only browser to even consider
> > ForeignObjects (which let you throw HTML back into SVG).
> >
> > Probably the most interesting SVG thing is how they either do or don't
> > have script access, depending on whether or not they're loaded as
> > <img>'s. It would be problematic indeed if <img src="foo.jpg"> could
> > suddenly render script!
> >
> > On Tue, May 15, 2012 at 5:07 AM, Nicolas Grégoire
> > <[email protected]> wrote:
> >>
> >> Hello,
> >>
> >> SVG is a XML-based file format for static or animated images. Some SVG
> >> specifications (like SVG 1.1 and SVG Tiny 1.2) allow to trigger some
> >> Java code when the SVG file is opened.
> >>
> >> Given that I had to look at these features for a customer, I developed
> >> some PoC codes which are now available online:
> >> http://www.agarri.fr/docs/batik-evil.svg
> >> http://www.agarri.fr/docs/batik-evil.jar
> >>
> >> I published a more detailed article on my blog:
> >> http://www.agarri.fr/blog/
> >>
> >> Regards,
> >> Nicolas Grégoire / @Agarri_FR
> >>
> >
> --
> /antisnatchor
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
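Dan's point above is that the same SVG file behaves differently depending on how it is loaded (an <img> gets no script access, an inline or standalone document does), and Nicolas's PoC shows that a script-aware processor such as Batik goes further than a browser and can run Java. The following is an added example, not code from the thread or from any of the participants: a small defender-side scanner in Python that reports every script-capable construct in an SVG before the file is embedded inline or handed to a server-side renderer. The sample documents, the `scan_svg`/`safe_to_inline` names and the placeholder JAR file name are constructed; `application/java-archive` as the script type used for JAR-packaged Batik scripts is my assumption, not something the thread states.

```python
# Added example (not from the thread): flag script-capable SVG constructs
# before an SVG is embedded inline or rendered by a script-aware processor.
# The sample documents and the placeholder JAR name are constructed.
import xml.etree.ElementTree as ET

XLINK_NS = "http://www.w3.org/1999/xlink"


def _local(name):
    """Strip a namespace prefix like '{http://...}' from a tag or attribute name."""
    return name.rsplit("}", 1)[-1] if name.startswith("{") else name


def scan_svg(svg_text):
    """Return a sorted list of findings describing script-capable content.

    An empty list means nothing in the document could run code: no <script>,
    no <handler> (SVG Tiny 1.2 XML Events), no <foreignObject> (HTML inside
    SVG), no on* event attributes and no javascript: hrefs.  Script elements
    are reported whatever their type, so a JAR-packaged script is caught too.
    """
    findings = set()
    root = ET.fromstring(svg_text)  # ElementTree does not expand external entities
    for elem in root.iter():
        tag = _local(elem.tag)
        if tag == "script":
            stype = elem.get("type", "") or "default"
            href = elem.get("{%s}href" % XLINK_NS) or elem.get("href") or "-"
            findings.add("script element (type=%s, href=%s)" % (stype, href))
        elif tag == "handler":
            findings.add("handler element (SVG Tiny 1.2 XML Events)")
        elif tag == "foreignObject":
            findings.add("foreignObject element (embeds HTML)")
        for attr, value in elem.attrib.items():
            aname = _local(attr)
            if aname.startswith("on"):
                findings.add("event attribute %s on <%s>" % (aname, tag))
            elif aname == "href" and value.strip().lower().startswith("javascript:"):
                findings.add("javascript: URL in href on <%s>" % tag)
    return sorted(findings)


def safe_to_inline(svg_text):
    """True only if the SVG carries no script-capable construct at all."""
    return not scan_svg(svg_text)


# Constructed sample: a plain static image, the kind <img> is meant for.
BENIGN_SVG = """<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">
  <circle cx="5" cy="5" r="4" fill="red"/>
</svg>"""

# Constructed sample exercising each construct the scanner looks for; the
# JAR reference is a placeholder name, and the script bodies do nothing.
SUSPECT_SVG = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink">
  <script type="application/java-archive" xlink:href="example-placeholder.jar"/>
  <script>/* constructed inline script body */</script>
  <a xlink:href="javascript:void(0)"><text onload="void(0)">hi</text></a>
  <foreignObject><div xmlns="http://www.w3.org/1999/xhtml">html</div></foreignObject>
</svg>"""

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_SVG), ("suspect", SUSPECT_SVG)):
        print(label, "safe to inline:", safe_to_inline(doc))
        for finding in scan_svg(doc):
            print("  -", finding)
```

The scanner is deliberately conservative: it does not try to decide whether a given script type would actually execute in a given renderer, because, as the thread shows, that depends on the consumer (browser via <img>, browser inline, Batik). Anything it flags should be served only as an <img>-style opaque image, or rejected, rather than embedded in a page or passed to a script-aware rasterizer.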
