←back to thread

519 points cantdutchthis | 1 comments | | HN request time: 0.211s | source
Show context
xml ◴[] No.44502333[source]
A word of caution: There are SVGs which can freeze a page, so make sure that you do not link to any third party SVGs. This is a known bug, but both the Google Chrome and Mozilla team do not want to fix it.

Here is an evil example SVG for demonstration.

DON'T CLICK THIS LINK UNLESS YOU WANT TO RISK CRASHING YOUR BROWSER!

https://asdf10.com/danger.svg

replies(2): >>44502579 #>>44504026 #
1. mmis1000 ◴[] No.44502579[source]
Crash a single page or even the whole browser isn't really a security problem though. In fact, there are so many ways to freeze the whole tab or even browser ui with build-in function if you apply it way too many times. (For example, a long chain of blur filters will make the chrome ui non responsive because the render time will skyrocket.)

Although if the affect area does escape the tab, the issue will have higher priority because that would be annoying to user.