I have a + javascript page that reads an SVG user file in HTML <object> and then modifies the SVG DOM with javascript.
EDIT: the user selects a file from his file system using the file type input field.
All this works well in firefox, but both edges and chrome balk refer to policies of the same origin (as I understand it, chrome spits out
Blocked frame with the original "zero" from access to the frame with a transverse beginning.
while the edge simply refuses to read object data).
If I understand the policy of one origin well enough, and the risks associated with it, refusing chrome and chrome to boot with loaded SVG is legal. Firstly, am I mistaken?
Secondly, how do I get through this problem? Is there any way? If the user uploads the SVG to the server and then uploads it (so that it shares the beginning as my page), and if so, is it safe?
I am looking for the “right” way to do this: safe for my site, safe for the user, etc.
thank
Related questions:
Sorry if I had to do something with these questions, and not ask again. I was hoping that using more modern methods, a solution can be found.