GitHub raw endpoints do it. They will either serve the SVG without an image/svg+... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		felixfbecker on Dec 8, 2020 \| parent \| context \| favorite \| on: CSS in GitHub Readmes GitHub raw endpoints do it. They will either serve the SVG without an image/svg+xml Content-Type, making it not render in the browser, or you have to append ?sanitize=true to the URL which will, as the name suggest, sanitize it.

reflectiv on Dec 10, 2020 [–]

ok but that is github...parent poster stated its common to do that...it is not.

detaro on Dec 10, 2020 | [–]

It's web security 101 for handling user uploads. (although in the case of SVG most sites solve it by just not accepting "weird" formats like SVG)

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact