github.com

SVG images are accepted but not sanitized · Issue #38 · berthubert/trifecta

The upload handler checks that the content type starts with "image/", but this check includes the image/svg+xml content type, so the following image is accepted: <?xml version="1.0" encoding="UTF-8...