Help:Security/SVG files

The SVG file format has certain security and privacy issues that you might want to consider before opening such files.

SVG files can include complex interactive features which might trigger the browser to connect to the Internet and reveal the IP address and other personal information of the user to a third party.

A malicious SVG author might use this functionality to connect network locations to wiki usernames or otherwise violate the privacy of the reader.

SVG has a complex internal structure which makes it practically impossible to detect dangerous files; it is left to the privacy-conscious reader to take precautions.

Further reading:


 * SVG — Exploiting Browsers without Image Parsing Bugs, Rennie deGraaf of iSEC Partners, 07 August 2014
 * Mario Heiderich: The forbidden image - Security impact of SVG on the WWW, Hack In Paris 2011