External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of data: URLs. This could allow for cross-domain data leakage.
External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of data: URLs. This could allow for cross-domain data leakage.
https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/#CVE-2016-9900