The attack scenario is not very realistic, but the details of the attack and why it caused an XSS are fascinating.
Yeah, that’s a complex scenario, but that’s also a good reminder of why Tor Browser’s Safest mode disables SVG entirely. Note that it’s possible to have a static/safe subset of SVG which does not support scripting, but I don’t know any browser that implements that…
IMO, blob URLs should be completely disabled. They are the main issue here, because they are executed in the context of the origin that created the blob in the first place.