The com.glide.csp.self_script_src_svg property adds the script-src none directive to the HTTP Content-Security-Policy header when Scalable Vector Graphics (SVGs) are accessed through the Translation Memory Index (IIX) file extension.

The com.glide.csp.self_script_src_svg property prevents malicious file attachments that store cross-site scripting (XSS) attacks from running in an instance. Without this policy, a bad actor could cause a user to run arbitrary JavaScript code in their web browser, which could lead to security vulnerabilities such as data exfiltration and session takeover.
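
To confirm the property is taking effect, check the Content-Security-Policy header returned with an SVG attachment. The following is an added example, not ServiceNow code: it decides whether a header value blocks all script execution. The function names and sample header values are constructed, and it assumes the header uses the quoted `'none'` keyword as the CSP specification defines it.

```python
# Added example: constructed header values, not captured from an instance.

def parse_csp(policy):
    """Parse one serialized policy into {directive: [source expressions]}."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored by browsers: the first one wins.
            directives.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return directives


def _matches_nothing(directives, chain):
    """True if the first directive present in the fallback chain allows no source."""
    for name in chain:
        if name in directives:
            # Only a lone quoted 'none' (or an empty list) matches nothing.
            # Unquoted none is parsed as a host name, not as the keyword.
            return directives[name] in ([], ["'none'"])
    return False  # no governing directive: scripts are unrestricted


def policy_blocks_scripts(policy):
    """Check both script elements and inline handlers, each with its fallbacks."""
    d = parse_csp(policy)
    return (_matches_nothing(d, ("script-src-elem", "script-src", "default-src"))
            and _matches_nothing(d, ("script-src-attr", "script-src", "default-src")))


def header_blocks_scripts(header_value):
    """A header may carry several comma-separated policies. All are enforced,
    so one policy that blocks scripts is sufficient."""
    return any(policy_blocks_scripts(p) for p in header_value.split(","))


if __name__ == "__main__":
    samples = [  # constructed sample header values
        "script-src 'none'",
        "default-src 'self'; script-src 'none'",
        "script-src none",
        "script-src 'none'; script-src-elem 'self'",
        "img-src 'self'",
    ]
    for value in samples:
        verdict = "blocked" if header_blocks_scripts(value) else "NOT blocked"
        print(f"{value!r}: scripts {verdict}")
```
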

More information