undefined | Better HN

0 pointslostmsu7mo ago0 comments

What's the hole? Neither appear to say.

0 comments

I guess that obfuscated JS in SVG runs? Then it downloads the script that does shady stuff

lostmsuOP7mo ago

That does not explain exactly what is wrong. The site could already run JS. It did not need SVG to do it.

Yeah I guess the original article is not clear on that. Other cases usually involved email but this is not

j / k navigate · click thread line to collapse

0 pointslostmsu7mo ago0 comments

What's the hole? Neither appear to say.

I guess that obfuscated JS in SVG runs? Then it downloads the script that does shady stuff

lostmsuOP7mo ago

That does not explain exactly what is wrong. The site could already run JS. It did not need SVG to do it.

Yeah I guess the original article is not clear on that. Other cases usually involved email but this is not

j / k navigate · click thread line to collapse