SVG is an XML-based format for vector graphics. Modern web browsers support it natively and allow it to be styled using CSS and manipulated using JavaScript. It is less well-known that SVG can contain its own JavaScript and can import external scripts and stylesheets. Consequently, from a browser security perspective, SVG must be treated like HTML; treating it like JPEG will lead to great suffering.
Rennie deGraaf is a security consultant with iSEC Partners, a strategic digital security organization.In the past, he has worked as a software developer at Microsoft, a researcher at the University of Calgary, and a system administrator at Industrial Defender (back when it was still Verano). He has a MSc in Computer Science specializing in network security, specifically firewalling tricks such as port knocking and SPA.