[wp-trac] [WordPress Trac] #26256: SVG images get width and height attributes with values of 1
WordPress Trac
noreply at wordpress.org
Sun Jul 6 14:11:36 UTC 2014
#26256: SVG images get width and height attributes with values of 1
-------------------------------------+------------------------------
Reporter: lippe | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Media | Version:
Severity: normal | Resolution:
Keywords: has-patch needs-testing | Focuses:
-------------------------------------+------------------------------
Comment (by ericlewis):
Replying to [comment:12 johnbillion]:
> The main issue is [http://www.acunetix.com/blog/web-security-
zone/articles/xml-external-entity-xxe-vulnerabilities/ XXE attacks], but
there are others such as recursive entity expansion bombs.
Isn't unfiltered html just as dangerous? If a user can be trusted with
unfiltered html, perhaps they should also be trusted with SVG?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/26256#comment:13>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list