lolsob. Developer attempts to replicate liquid glass in CSS and in the process accidentally discovers a novel and rather serious browser vulnerability

https://lyra.horse/blog/2025/12/svg-clickjacking/

"CSS hack accidentally becomes regular hack"

( via @citrusui )

SVG Filters - Clickjacking 2.0

A novel and powerful twist on an old classic.

lyra's epic blog

@mcc @citrusui I feel like SVG filters being turing complete is kind of a buried lede here

@aburka @mcc @citrusui I mean... it's kinda not the issue. The issue is what data browsers are wrongly giving them access to (the rendered view underneath them), not the computational power. It's a simple failure to enforce privilege domains correctly.

@dalias @aburka @mcc @citrusui also worth noting that turing completeness is a property not just of an intentionally-designed language, but the entire system the language is embedded within. if you can create a file at a specific path and then read whatever is stored at that path you often have enough to achieve turing completeness, and if users don't have well-documented affordances that satisfy their needs, they will find a workaround. and now you have both turing-completeness and a dependency on spooky action at a distance i.e. external state not tracked by the desired model

@hipsterelectron @dalias @mcc @citrusui yes I used this fact in my turing completeness proof for my company's yaml metalanguage, which is lazily evaluated hence not recursive *except* you have to eagerly evaluate a filename in order to include it, which was the key