Author

Topic: Allow SVG on Signatures :) (Read 250 times)

hero member
Activity: 1162
Merit: 643
BTC, a coin of today and tomorrow.
April 21, 2022, 06:35:09 PM
#10
Hey guys, I know images are not allowed in signatures, but what about SVG?
Quality of signatures would for sure be much better with vector graphics, but I am not sure if I ever saw a forum that has svg signatures, and I am not sure we even need that.
I think that theymos is trying to reduce all the risks and I don't expect to see any changes with signatures, at least not with current forum software.
You an get very good signatures for your business even now, if you pick a good designer.

I have taught of why signature designers doesn't use SVG to achieve fine and scalable designs. But I didn't attribute it to risk of vulnerabilities or maliciousness. I just concluded that signature space is not that much, only the vector codes will occupy the majority space of the signature space. I couldn't remember that Theymos can increase the signature space, then the whole system can be loading slowly.
I believe Theymos doesn't want to include anything that will not benefit the forum, it's not worth risking.
hero member
Activity: 2268
Merit: 960
100% Deposit Match UP TO €5000!
April 21, 2022, 06:17:13 PM
#9
Quote
You can include images, but they must be base64-encoded data: URIs. No tags; SVG images are allowed, but they must be base64-encoded in data

There must be a reason.

It's possible to hide malicious code in an svg (it's likely scannable and easy to detect but there's probably not much point seen in taking the risk).

A simple way svg can be used for hacking would be by adding a closing svg tag inside the image you've uploaded and then adding your onw html/javascript/php straight after it (you can add a closing svg at the end of that too to get it to be less likely to be detected - I'm posting this as an example because I don't expect it to work ANYWHERE).


How do we bring this up but do not bring up the guy who included the 1 pixel by 1 pixel tracking image in his url
copper member
Activity: 28
Merit: 24
Bitcoin.PN - Bitcoin Play Network Coming Soon!
April 20, 2022, 04:00:41 PM
#8
So sick. I didn't know one could hide code in an svg file. Literally just checked my site's SVG files and all seem healthy Smiley

Those common image files could be code-injected.

Really unimaginable huh when people could find almost anything to have it their way Smiley

Yeah, I really couldn't think one could inject code in a xvg file. Very interesting stuff.
hero member
Activity: 2254
Merit: 537
My passive income eBook @ tinyurl.com/PIA10
April 20, 2022, 12:07:57 PM
#7
So sick. I didn't know one could hide code in an svg file. Literally just checked my site's SVG files and all seem healthy Smiley

Those common image files could be code-injected.

Really unimaginable huh when people could find almost anything to have it their way Smiley
copper member
Activity: 28
Merit: 24
Bitcoin.PN - Bitcoin Play Network Coming Soon!
April 19, 2022, 11:35:32 AM
#6
So sick. I didn't know one could hide code in an svg file. Literally just checked my site's SVG files and all seem healthy Smiley
legendary
Activity: 1974
Merit: 2124
April 19, 2022, 05:46:22 AM
#5

It's possible to hide malicious code in an svg (it's likely scannable and easy to detect but there's probably not much point seen in taking the risk).

A simple way svg can be used for hacking would be by adding a closing svg tag inside the image you've uploaded and then adding your onw html/javascript/php straight after it (you can add a closing svg at the end of that too to get it to be less likely to be detected - I'm posting this as an example because I don't expect it to work ANYWHERE).
Yes and hackers are always trying to find out new ways to scam you so the forum security needs to be updated with it and trying new things in signature space with svg can result in those malicious codes you are talking about.

One google search landed me on stackoverflow results where user received malicious code embedded in JS redirecting him to phising YouTube page that could harm his system .

Quality of signatures would for sure be much better with vector graphics, but I am not sure if I ever saw a forum that has svg signatures, and I am not sure we even need that.
I think that theymos is trying to reduce all the risks and I don't expect to see any changes with signatures, at least not with current forum software.
You an get very good signatures for your business even now, if you pick a good designer.
The quality can be improved with vector signatures but if the security is compromised so what's the need to do it? Moreover at this time the signatures are looking fine even in the pixelated format and forum is doing quite well in them.Yes i also think there is any vector signature on the forum or any particular thread about it because i have searched it and found nothing related to this.So at this time we are absolutely best without superior quality also with security.
legendary
Activity: 2212
Merit: 7064
April 19, 2022, 05:07:42 AM
#4
Hey guys, I know images are not allowed in signatures, but what about SVG?
Quality of signatures would for sure be much better with vector graphics, but I am not sure if I ever saw a forum that has svg signatures, and I am not sure we even need that.
I think that theymos is trying to reduce all the risks and I don't expect to see any changes with signatures, at least not with current forum software.
You an get very good signatures for your business even now, if you pick a good designer.
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
April 18, 2022, 05:33:47 PM
#3
Quote
You can include images, but they must be base64-encoded data: URIs. No tags; SVG images are allowed, but they must be base64-encoded in data

There must be a reason.

It's possible to hide malicious code in an svg (it's likely scannable and easy to detect but there's probably not much point seen in taking the risk).

A simple way svg can be used for hacking would be by adding a closing svg tag inside the image you've uploaded and then adding your onw html/javascript/php straight after it (you can add a closing svg at the end of that too to get it to be less likely to be detected - I'm posting this as an example because I don't expect it to work ANYWHERE).
copper member
Activity: 2128
Merit: 1814
฿itcoin for all, All for ฿itcoin.
April 18, 2022, 04:57:04 PM
#2
I doubt if they will allow the on signatures. Initially they were not even allowed on forum ads whose slots go through auctions

Images are not allowed no matter how they are created (CSS, SVG, or data URI). Occasionally I will make an exception for small logos and such, but you must get pre-approval from me first.

Later on, according to this, they are allowed but with some restrictions

Quote
You can include images, but they must be base64-encoded data: URIs. No tags; SVG images are allowed, but they must be base64-encoded in data

There must be a reason.
copper member
Activity: 28
Merit: 24
Bitcoin.PN - Bitcoin Play Network Coming Soon!
April 18, 2022, 03:21:47 PM
#1
Hey guys, I know images are not allowed in signatures, but what about SVG?

It's vectors and it doesn't need to load images from external sources.

Just a thought
Jump to: