This afternoon I went to wikipedia and saw a SVG file. Then, I was thinking.: SVG... XML... Some minutes later, after a quick look at the spec. and especially the "Scripting" part, I had a SVG file with a XSS attack inside. Then I started to look at websites and advanced webmails for inserting my file.
Damned, I came something like one year too late... Wikipedia still does not allow to upload SVG files, Gmail does not open it hotmail itoo, and actually this thing is well known. Actually I've never seen any attack with some SVG files inside.Okay, before Firefox 2.0 (and the next browsers) there was only external plugins for reading these files, It may change now. I'll keep on trying to do some things with my file!
Okay, all this SVG things are not new, but I'm a nioob in web security, at least it's new for me ;)