Opened 12 years ago
Last modified 11 years ago
#634 in_progress enhancement
Implement SVG support
Reported by: | mrb | Owned by: | pythonsnake |
---|---|---|---|
Priority: | major | Milestone: | |
Component: | programming | Keywords: | |
Cc: | Parent Tickets: |
Description
I would like to request support for support for SVG (images)
Change History (5)
comment:1 by , 12 years ago
Owner: | set to |
---|---|
Status: | new → assigned |
comment:2 by , 12 years ago
comment:3 by , 12 years ago
Status: | assigned → in_progress |
---|
Hi! I'm moving this ticket from "assigned" to in_progress per our new workflow. Please update the ticket and let us know if you're still working on this. If you are, super great! If not, we'll remove the claim and move it back to "accepted" in a couple of weeks.
Thanks!
comment:4 by , 11 years ago
An option to disable server-side rendering and sanitation would be nice. If the SVG is loaded using <img>, the browser won't execute scripts anyway. All common browsers now have SVG support. On many servers, uploaders are semi-trusted.
Also, the rendering bugs in RSVG are real provoking, especially since it forces you to modify an image that you know is correct and follows the standard.
On MediaWiki, the raw SVG's are available on a different domain. AFAIK, MediaGoblin hosts image resources on the same host as other stuff, which would mean XSS exploits if there wasn't any sanitation. But I think this should at least be an option, maybe with a big fat warning.
I don't know why Wikpedia's MediaWiki installation doesn't allow loading SVG's over <img> yet, but I think MediaGoblin should at least have the option.
comment:5 by , 11 years ago
We've made an experimental SVG plugin at Commons Machinery: https://github.com/commonsmachinery/mediagoblin_svg
That might at least provide a starting point for further developments in that direction. At best, become the full-featured SVG mediatype. For now it only renders images as PNGs and provides a link for original vectors. There's an option to display SVGs as <img>'s as well.
Update: uploading SVG works now. Next step: sanitize SVGs!