Christian Thiele: > I don't know about security problems, but as I understood, you create the > SVGs for your own, so this shouldn't be a problem.
The security problem with rsvg, at least when called from the command line,
is that it will honour any external file references in the SVG file. If you
generate the SVG yourself, this doesn't apply, because you control any such
references.
The rsvg version on the Solaris systems (but *not* on Linux) has Wikimedia's
patch to disable external file inclusion, so it should be safe to process
untrusted SVGs with that.
- river.
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Toolserver-l mailing list ([email protected]) https://lists.wikimedia.org/mailman/listinfo/toolserver-l Posting guidelines for this list: https://wiki.toolserver.org/view/Mailing_list_etiquette
