Blocking script inside SVG files #3746

@Jaaap

Prerequisites

  • I verified that this is not a filter list issue. Report any issues with filter lists or broken website functionality in the uAssets issue tracker.
  • This is NOT a YouTube, Facebook or Twitch report. These sites MUST be reported by clicking their respective links.
  • This is not a support issue or a question. For support, questions, or help, visit /r/uBlockOrigin.
  • I performed a cursory search of the issue tracker to avoid opening a duplicate issue.
  • The issue is not present after disabling uBO in the browser.
  • I checked the documentation to understand that the issue I am reporting is not normal behavior.

I tried to reproduce the issue when...

  • uBO is the only extension.
  • uBO uses default lists and settings.
  • using a new, unmodified browser profile.

Description

It would be nice if uBlock Origin could block JavaScript inside SVG files.
(as it is being abused, see https://arstechnica.com/security/2025/08/adult-sites-use-malicious-svg-files-to-rack-up-likes-on-facebook/ for example, or https://www.cloudflare.com/threat-intelligence/research/report/svgs-the-hackers-canvas/ or https://www.ibm.com/think/x-force/weaponized-svgs-inside-a-global-phishing-campaign-targeting-financial-institutions)

A specific URL where the issue occurs.

https://www.bpb.de/kurz-knapp/zahlen-und-fakten/soziale-situation-in-deutschland/61625/auslaendische-bevoelkerung-nach-bundeslaendern/

Steps to Reproduce

  1. Open the URL ^^^
  2. Click on the white "WEST-/OSTDEUTSCHLAND" button inside the SVG graph (top right)
  3. Observe that JavaScript inside the SVG file is executed

Expected behavior

Could uBlock Origin add a feature to disable scripts inside SVG files specifically?
(the SVG could be embedded in the HTML in many different ways)

Actual behavior

The JavaScript is always executed (unless all JS is disabled).

uBO version

1.65.0

Browser name and version

Firefox 142.0b7

Operating System and version

macOS Sequoia
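
As an added illustration of what "script inside an SVG" covers (this is not part of the report and not uBlock Origin code), the following Python check lists the script-capable constructs in an SVG document: `<script>` elements, `on*` event-handler attributes, `javascript:` URIs and `<foreignObject>`. The function names, finding labels and both sample documents are constructed for this example.

```python
import xml.etree.ElementTree as ET

def local(name):
    """Drop the '{namespace}' prefix ElementTree puts on tag and attribute names."""
    return name.rsplit("}", 1)[-1]

def is_js_uri(value):
    """True for javascript: URIs; spaces and control characters are removed first
    because browsers ignore tabs and newlines inside a URL scheme."""
    return "".join(c for c in value if c > " ").lower().startswith("javascript:")

def find_active_content(svg_text):
    """Return (kind, element, detail) tuples for script-capable constructs."""
    try:
        root = ET.fromstring(svg_text)
    except ET.ParseError as exc:
        # A file that is not well-formed XML cannot be cleared by this check.
        return [("unparseable", "", str(exc))]
    findings = []
    for el in root.iter():
        tag = local(el.tag)
        if tag.lower() == "script":
            src = next((v for k, v in el.attrib.items() if local(k) == "href"), None)
            findings.append(("script-element", tag, src or "inline"))
        elif tag == "foreignObject":
            findings.append(("foreign-object", tag, "can embed HTML"))
        for attr, value in el.attrib.items():
            name = local(attr).lower()
            if name.startswith("on"):
                findings.append(("event-handler", tag, name))
            elif is_js_uri(value):
                findings.append(("javascript-uri", tag, value.strip()))
    return findings

# Constructed samples, not taken from the page linked in the issue.
SAMPLE = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" width="120" height="40">
  <script>/* constructed placeholder */</script>
  <rect width="120" height="40" onclick="toggle()"/>
  <a xlink:href="javascript:void(0)"><text y="20">WEST</text></a>
  <circle r="5"/>
</svg>"""
BENIGN = '<svg xmlns="http://www.w3.org/2000/svg"><circle r="5"/></svg>'

if __name__ == "__main__":
    for finding in find_active_content(SAMPLE):
        print(finding)
```

Browsers do not run script in an SVG loaded through `<img>` or as a CSS image, so these findings matter when the file is inlined, loaded through `<object>`, `<embed>` or `<iframe>`, or opened directly.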
