On 08/05/2013 06:13 PM, Roger Dingledine wrote: > And finally, be aware that many other vectors remain for vulnerabilities > in Firefox. JavaScript is one big vector for attack, but many other > big vectors exist, like css, svg, xml, the renderer, etc.
If I understand it is possible to embed scripts inside SVG and the decision currently is either to display SVG with any scripts it might have or else not display any SVG at all. It would be great to be able to use SVG but with the possibility of embedded scripts turned off. Regards, /Lars -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
