Fixing XSS Through SVG File Uploads PHP

The attack works by placing JavaScript code inside an SVG file and uploading it to a website that accepts SVG files and does not sanitize their content; because SVG is an XML document, it can carry `<script>` elements and event-handler attributes just like HTML.

This is how a large number of websites fail and are directly exposed to this XSS vulnerability.

You have two choices:

  • Do not allow users to upload SVG files
  • Allow users to upload SVG files, but use an SVG cleaner on upload
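The following is an added example, not code from the original article, showing what the second option looks like in PHP: a small allowlist-based SVG cleaner built on `DOMDocument`, plus an upload handler that runs it before anything is written to disk. The function names (`sanitizeSvg`, `handleSvgUpload`), the size limit and the destination directory are assumptions for the illustration; the malicious SVG in the CLI demo is a constructed sample.

```php
<?php
// Added example (not from the original article): sanitize an uploaded SVG
// before storing it. Names and limits below are hypothetical choices.
declare(strict_types=1);

const SVG_NS = 'http://www.w3.org/2000/svg';

/**
 * Return a cleaned copy of $svg, or null if it is not well-formed SVG.
 * Allowlist approach: keep only SVG-namespace elements, drop anything that
 * can run script, and keep only fragment or http(s) references.
 */
function sanitizeSvg(string $svg): ?string
{
    $dom = new DOMDocument();
    $prev = libxml_use_internal_errors(true);
    // LIBXML_NONET: never fetch external DTDs or entities. Entity
    // substitution stays off because LIBXML_NOENT is deliberately not set.
    $ok = $dom->loadXML($svg, LIBXML_NONET | LIBXML_NOBLANKS);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    $root = $dom->documentElement;
    if (!$ok || $root === null || $root->namespaceURI !== SVG_NS
        || strtolower($root->localName) !== 'svg') {
        return null;
    }

    // Elements that execute script or embed foreign (HTML) content.
    $forbidden = ['script', 'foreignobject', 'iframe', 'object', 'embed'];
    $xpath = new DOMXPath($dom);
    $toRemove = [];
    foreach ($xpath->query('//*') as $el) {
        // Anything outside the SVG namespace (XHTML, editor metadata) goes.
        if ($el->namespaceURI !== SVG_NS
            || in_array(strtolower($el->localName), $forbidden, true)) {
            $toRemove[] = $el;
            continue;
        }
        // Collect attributes first: removing while iterating skips entries.
        $badAttrs = [];
        foreach ($el->attributes as $attr) {
            $name = strtolower($attr->localName);   // xlink:href -> href
            // Strip whitespace/control chars so "java\nscript:" is caught.
            $value = strtolower(preg_replace('/[\x00-\x20]+/', '', $attr->value));
            if (str_starts_with($name, 'on')) {
                $badAttrs[] = $attr;                 // onload, onclick, ...
            } elseif ($name === 'href'
                && !str_starts_with($value, '#')
                && !str_starts_with($value, 'http://')
                && !str_starts_with($value, 'https://')) {
                $badAttrs[] = $attr;   // rejects javascript:, data:, and friends
            }
        }
        foreach ($badAttrs as $attr) {
            $el->removeAttributeNode($attr);
        }
    }
    foreach ($toRemove as $el) {
        $el->parentNode?->removeChild($el);
    }
    // Serialize only the root element: this drops any DOCTYPE (and its
    // entity declarations) and processing instructions such as xml-stylesheet.
    return $dom->saveXML($root);
}

/**
 * Validate and store one entry from $_FILES; returns the stored file name
 * or null on rejection. Never trusts the client-supplied name or MIME type.
 */
function handleSvgUpload(array $file, string $destDir): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || ($file['size'] ?? 0) > 512 * 1024) {            // hypothetical cap
        return null;
    }
    $raw = file_get_contents($file['tmp_name']);
    $clean = $raw === false ? null : sanitizeSvg($raw);
    if ($clean === null) {
        return null;
    }
    $name = bin2hex(random_bytes(16)) . '.svg';             // server-chosen name
    $path = rtrim($destDir, '/') . '/' . $name;
    return file_put_contents($path, $clean) === false ? null : $name;
}

// CLI demo on a constructed hostile sample: the script element, the
// onload handler and the javascript: link are all stripped from the output.
if (PHP_SAPI === 'cli') {
    $sample = '<svg xmlns="http://www.w3.org/2000/svg" '
        . 'xmlns:xlink="http://www.w3.org/1999/xlink" onload="alert(1)">'
        . '<script>alert(1)</script>'
        . '<a xlink:href="javascript:alert(1)"><circle r="10"/></a></svg>';
    echo sanitizeSvg($sample), PHP_EOL;
}
```

The cleaner is intentionally an allowlist (keep what is known-safe) rather than a blocklist of known-bad strings, and it re-serializes from the parsed DOM rather than returning the original bytes, so oddities the parser tolerated (comments, DOCTYPEs, stray processing instructions) never reach the stored file.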
