
The whole point is that SVG images are basically never loaded with the embed tag, which is the reason why this is innocuous.

Embed is basically like using iframe, so where one is blocked, the other one is too.

The author simply loaded the SVG via the image tag, which renders it inert.



True, I started optimistic, seeing much potential in possibilities to extend HTML, only to discover that embedded JavaScript only works when the SVG is the main URL target or wrapped in <object> or <iframe>. Sad actually.
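The rule from the two comments above, written as a review helper that lists every SVG a page references and whether its scripts can run in that context. This is an added example, not code from the thread; the function names and the sample markup are constructed, and the iframe `sandbox` handling goes one step beyond what the comments cover.

```javascript
// Added example, not from the thread: embedding contexts and whether scripts in the SVG can run.
const SVG_CONTEXTS = {
  img:    { attr: 'src',  scriptsRun: false }, // image mode: rendered inert
  embed:  { attr: 'src',  scriptsRun: true  }, // behaves like iframe
  object: { attr: 'data', scriptsRun: true  },
  iframe: { attr: 'src',  scriptsRun: true  },
  a:      { attr: 'href', scriptsRun: true  }, // following the link makes the SVG the main URL target
};

// Read one attribute from the raw text of a single start tag.
function getAttr(tagText, name) {
  const re = new RegExp('\\s' + name + '\\s*=\\s*(?:"([^"]*)"|\'([^\']*)\'|([^\\s>]+))', 'i');
  const m = re.exec(tagText);
  return m ? (m[1] ?? m[2] ?? m[3]) : null;
}

function isSvgUrl(url) {
  return /\.svgz?$/i.test(url.split(/[?#]/)[0]); // ignore query string and fragment
}

// An iframe sandbox without allow-scripts disables scripting in the framed document.
function sandboxBlocksScripts(tagText) {
  if (!/\ssandbox(?=[\s=>])/i.test(tagText)) return false;
  return !/\ballow-scripts\b/i.test(getAttr(tagText, 'sandbox') || '');
}

// Regex scan for review purposes; attribute values containing ">" need a real HTML parser.
function classifySvgReferences(html) {
  const findings = [];
  for (const m of html.matchAll(/<(img|embed|object|iframe|a)\b[^>]*>/gi)) {
    const tag = m[1].toLowerCase();
    const ctx = SVG_CONTEXTS[tag];
    const url = getAttr(m[0], ctx.attr);
    if (!url || !isSvgUrl(url)) continue;
    const sandboxed = tag === 'iframe' && sandboxBlocksScripts(m[0]);
    findings.push({ tag, url, scriptsRun: ctx.scriptsRun && !sandboxed });
  }
  return findings;
}

// Constructed sample markup.
const SAMPLE_HTML = `
<img src="/uploads/logo.svg" alt="logo">
<embed src="/uploads/chart.svg">
<object data='/uploads/map.svg' type="image/svg+xml"></object>
<iframe src=/uploads/badge.svg?v=2></iframe>
<iframe sandbox src="/uploads/boxed.svg"></iframe>
<a href="/uploads/raw.svg">open</a> <img src="/uploads/photo.png">
`;
console.log(classifySvgReferences(SAMPLE_HTML));
```

Entries with `scriptsRun: true` that point at user-supplied SVGs are the ones to review first.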



