00:48:57 __uguu__ n-tech: https://infinitydev.org/lynx/thread/18#20 :^)
00:49:30 __uguu__ n-tech: i can come up with about a dozen variants
00:49:55 n-tech I see what you've done.
00:49:59 n-tech Doesn't affect Chrome though
00:50:05 __uguu__ oh?
00:50:10 __uguu__ open the attachment
00:50:19 n-tech I have
00:50:20 __uguu__ :-DDD
00:50:25 n-tech It doesn't affect firefox either
00:50:29 JB what's this?
00:50:30 __uguu__ it worked over here
00:50:37 __uguu__ stock firefox?
00:50:46 JB what does it do
00:50:50 n-tech yes
00:51:04 n-tech The attachment for that post is an SVG with a JavaScript injection
00:51:11 __uguu__ https://infinitydev.org/lynx/file/3eaf0f3d91f2a30e4ec37e4771237f9e/benis.svg
00:51:12 n-tech It should theoretically alert "benis" when you mouseover it
00:51:14 n-tech but I get nothing
00:51:26 n-tech ah that works
00:51:28 __uguu__ that did it
00:51:30 n-tech it doesn't load inline
00:51:40 n-tech must be browser XSS protection
00:51:41 __uguu__ it also references something on i2p.rocks
00:51:48 __uguu__ i got an http.log entry
00:51:51 n-tech hm
00:51:53 __uguu__ :-DDDD
00:52:01 __uguu__ xx.xx.249.138 - - [27/Sep/2015:16:51:21 +0000] "GET /favicon.ico HTTP/1.1" 200 13231 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0"
00:52:24 __uguu__ so like, don't do svg
00:52:28 JB SVG allows javascript? lol
00:52:31 n-tech yes
00:52:36 n-tech I want SVG though, it's important to me
00:52:40 __uguu__ D:
00:52:40 n-tech Surely there is a way to sanitize it
00:52:43 __uguu__ nope
00:52:48 __uguu__ i have another variant
00:52:50 JB Why does SVG allow javascript? That's fucking retarded
00:52:51 __uguu__ a few others
00:52:55 JB That's like when IE allowed javascript in CSS files
00:53:00 n-tech its spec is a bit of a wreck
00:53:17 __uguu__ it is
00:53:20 __uguu__ it's a total wreck
00:53:23 __uguu__ it also allows all css
00:53:26 __uguu__ so there's that
00:53:45 JB alerts in chrome when i open in a new tab
00:54:09 n-tech Okay, I will make a note of this. I'd really like to preserve SVGs if at all possible though.
00:54:15 n-tech They're a very important graphical standard now
[...]
01:00:16 n-tech It's heartwrenching because I really love the SVG format and the power it provides
01:00:26 n-tech simple format and renders beautifully on mobile devices
01:00:27 n-tech ; ;
01:00:38 __uguu__ svg -- xml based image format
01:00:40 __uguu__ not even once
01:00:48 __uguu__ it's beyond too complex
01:00:51 n-tech it's going to be one of those things
01:00:55 n-tech 5 years from now
01:01:02 n-tech we'll have a refined SVG spec that takes care of all this shit
01:01:07 n-tech and we'll look back at SVG 1.0 and be like
01:01:09 __uguu__ i doubt it
01:01:09 n-tech man what was that shit
01:01:20 __uguu__ this is the top of the line spec
01:01:20 n-tech don't be such a negative nancy ok
01:01:25 n-tech gotta be a positive polly
01:04:19 __uguu__ i can also have it load external resources that then reference an svg with script
01:04:41 __uguu__ i don't know how you'd filter that out
01:09:34 __uguu__ https://infinitydev.org/b/thread/96 :-DDDD