this was very interesting: "SVG, for example, has a problem however you look at it: on one hand more than 15 per cent of the sites use it, on the other hand, nearly 87 per cent of blockers block it, but it's had 14 security warnings (CVEs, Common Vulnerabilities and Exposures) in the last three years."
I am deeply suspicious of that number. I've never encountered a plugin or anything of the sort that provides for "blocking SVG", and it's fully supported in all recent browsers.
Paper author here. The blocking % referenced, and discussed in more detail in the paper, is the % of times a feature is used when someone visits the page, but ISNT used when you visit the page with AdBlock Plus and Ghostery installed.
In other words, its how often these popular blocking extensions prevent the JS APIs from firing.
Its not blocking SVG, its blocking (mostly fingerprinting) JS libraries from running SVG JS methods
^ Yeah. I use SVG heavily in all my web projects, and I've never seen a single user access one of my sites & had the SVG blocked. I wouldn't buy '87%' at all.
Just a note on this (I'm the lead author on the paper author), the blocking rate has to do with the reduction in JS usage when you install popular blocking extensions.
So its not that extensions block SVG directly, its that AdBlock Plus and Ghostery block a bunch of libraries, and those libraries use the SVG methods to finger print (and do other stuff)
