Skip to content
Better HN
Top
Best
Ask
Show
New
Jobs
Search
⌘K
0 points
lostmsu
10mo ago
0 comments
Save
Share
What's the hole? Neither appear to say.
0 comments
3 comments · 1 top-level
top
newest
oldest
throwaway290
10mo ago
· 2 in thread
I guess that obfuscated JS in SVG runs? Then it downloads the script that does shady stuff
lostmsu
OP
10mo ago
That does not explain exactly what is wrong. The site could already run JS. It did not need SVG to do it.
throwaway290
10mo ago
Yeah I guess the original article is not clear on that. Other cases usually involved email but this is not
j
/
k
navigate · click thread line to collapse
