On Tue, 2014-04-22 at 17:59 +0200, Jonas Drange wrote: > > > On Tue, Apr 22, 2014 at 5:43 PM, Rodney Dawes > <rodney.da...@canonical.com> wrote: > My suggestion wasn't to replace all the PNGs with SVGs. In > some cases > that's just not feasible, because the images were drawn with > raster > editors anyway. But making SVG an option on upload, will let > people who > want to use it, use it, and can certainly help reduce file > size for > transferring the icon. I'd certainly want to be able to use it > for any > apps I were to make. > > > Aren't user uploaded SVGs a potential security risk? Is it possible to > completely sanitize an SVG document?
How so? Sure it's possible to sanitize it. But I don't see how it's any more of a security risk than someone uploading a PNG or JPEG that exploits a problem in libpng or libjpeg. Is it any worse than uploading a click package that does evil things? Should we be running code in apps through sanity checkers as well as the artwork? -- Mailing list: https://launchpad.net/~ubuntu-appstore-developers Post to : ubuntu-appstore-developers@lists.launchpad.net Unsubscribe : https://launchpad.net/~ubuntu-appstore-developers More help : https://help.launchpad.net/ListHelp
