Comment by bawolff

I think CSS just wanted to be able to apply filters (blur() is a very common use case). Since a filtering language already existed for svgs, and web browsers had already implemented it, it made sense to connect the two. SVGs can also be styled via css, so there needed to be a syntax to mark in document filters as applying to specific svg elements.

I dont really think css filter is neccesary here though. I suspect the exploit could be implemented without that part just by embedding svg on the page.