I guess that obfuscated JS in SVG runs? Then it downloads the script that does s... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		throwaway290 6 months ago \| parent \| context \| favorite \| on: Adult sites are stashing exploit code inside svg f... I guess that obfuscated JS in SVG runs? Then it downloads the script that does shady stuff

lostmsu 6 months ago [–]

That does not explain exactly what is wrong. The site could already run JS. It did not need SVG to do it.

throwaway290 6 months ago | [–]

Yeah I guess the original article is not clear on that. Other cases usually involved email but this is not

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact