Hello,
Was sent this svg as an email attachment. Is it in anyway malcious? Contains jscontroller and jsaction atrrubutes which I thought looked sus.
Thanks
<svg focusable="false" xmlns="http://www.w3.org/2000/svg" enable-background="new 0 0 24 24" height="24" viewBox="0 0 24 24" width="24"> <g> <rect fill="none" height="24" width="24"></rect> </g> <g> <path d="M16,20H5V6H3v14c0,1.1,0.9,2,2,2h11V20z M20,16V4c0-1.1-0.9-2-2-2H9C7.9,2,7,2.9,7,4v12c0,1.1,0.9,2,2,2h9 C19.1,18,20,17.1,20,16z M18,16H9V4h9V16z"></path> </g> </svg>undefined</span>undefined</span>undefined<span jscontroller="cZphsd" class="fQjaD" data-pronunciation-action-target="target" aria-hidden="true" jsaction="mjwztf:V46pce;NcryF:jBJHNe;pD7Wob:tVADEe" style="display: inline-block; bottom: 6px; right: -24px; position: relative; color: rgb(31, 31, 31); font-family: Arial, sans-serif; font-size: 0px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; white-space: nowrap; background-color: rgb(248, 249, 250); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial;">undefined<g-bubble jsname="VCkuzd" jscontroller="QVaUhf" data-du="200" jsaction="R9S7w:VqIRre;" jsshadow=""> <span jsname="d6wfac" class="c5aZPb" data-extra-container-classes="tw-promo-bubble" data-extra-triangle-classes="tw-promo-triangle" data-hover-hide-delay="1000" data-hover-open-delay="500" data-send-dismiss-event="true" data-theme="0" data-width="0" data-zidx="1" jsaction="vQLyHf" jsslot="" style="cursor: pointer; display: inline-block;"></span>undefined </g-bubble>undefined</span>undefined<span jscontroller="tDZ6eb" class="tw-menu-btn za3ale" data-action-target="target" data-sttse="true" id="tw-spkr-button" aria-label="!;CE0B8 ?5@5:;04" role="button" tabindex="0" jsaction="KjsqPd;rcuQ6b:npT2md;WxjQaf:WRB97d;UpNfPc:Xnrsoe;f2MWRb:QKiGd" data-ved="2ahUKEwjiyOXuj8CHAxVJDzQIHai4A6cQ8DR6BAgFEBo" style="cursor: pointer; display: inline-block; height: 48px; color: var(--IXoxUe); overflow: hidden; width: 48px; margin-left: 8px; outline: 0px; font-family: Arial, sans-serif; font-size: 0px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; white-space: nowrap; background-color: rgb(248, 249, 250); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial;">undefined<span class="tw-menu-btn-image z1asCe JKu1je" title="!;CE0B8" style="display: inline-block; fill: currentcolor; height: 24px; line-height: 24px; position: relative; width: 24px; border: 1px solid transparent; padding: 10px;"> <svg focusable="false" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"> <path d="M3 9v6h4l5 5V4L7 9H3zm13.5 3c0-1.77-1.02-3.29-2.5-4.03v8.05c1.48-.73 2.5-2.25 2.5-4.02zM14 3.23v2.06c2.89.86 5 3.54 5 6.71s-2.11 5.85-5 6.71v2.06c4.01-.91 7-4.49 7-8.77s-2.99-7.86-7-8.77z"></path> </svg> [link] [comments]
from hacking: security in practice https://ift.tt/rwfvPSy
Comments
Post a Comment