SVG XSS in an Image Tag With CSP


The SVG is loaded in an image tag and served with a Content Security Policy that prevents inline JavaScript, both of which should prevent JavaScript execution.

SVG with XSS
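
A check for the second of the two protections described above, as an added example that is not part of the original demo: it parses a Content-Security-Policy header value and reports whether inline script elements that carry no valid nonce or hash are blocked. The function names and sample policies are constructed for illustration.

```javascript
// Added example, not code from the demo page. Function names are hypothetical.

// Parse one serialized policy into a Map of directive name -> source list.
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers: the first occurrence wins.
    if (!directives.has(name)) {
      directives.set(name, tokens.slice(1).map((t) => t.toLowerCase()));
    }
  }
  return directives;
}

// True when this single policy blocks inline <script> without a nonce or hash.
function policyBlocksInlineScript(policy) {
  const d = parsePolicy(policy);
  // Fallback chain for script elements: script-src-elem, script-src, default-src.
  const sources =
    d.get('script-src-elem') ?? d.get('script-src') ?? d.get('default-src');
  if (sources === undefined) return false; // scripts are not restricted at all
  // A nonce, a hash or 'strict-dynamic' makes the browser ignore 'unsafe-inline'.
  const ignoresUnsafeInline = sources.some(
    (s) =>
      s.startsWith("'nonce-") ||
      /^'sha(256|384|512)-/.test(s) ||
      s === "'strict-dynamic'"
  );
  if (ignoresUnsafeInline) return true;
  return !sources.includes("'unsafe-inline'");
}

// A header value may carry several comma-separated policies. Every policy has
// to allow a script for it to run, so one blocking policy is enough.
function blocksInlineScript(headerValue) {
  return (headerValue || '').split(',').some(policyBlocksInlineScript);
}

// Constructed sample header values.
console.log(blocksInlineScript("default-src 'self'"));
console.log(blocksInlineScript("script-src 'self' 'unsafe-inline'"));
```

Run it against the header returned with the SVG itself as well as the one on the embedding page, since the SVG's own response headers are what apply if the file is opened directly rather than through the image tag.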


Demo created by Robin Wood - DigiNinja