https://bugzilla.wikimedia.org/show_bug.cgi?id=63806
--- Comment #5 from Chris Steipp <[email protected]> ---
(In reply to C. Scott Ananian from comment #4)
> To recap: we think that, because there are security implications, we
> shouldn't allow .svgs as external images unless the wiki owner has
> explicitly set a configuration variable to opt-in to this behavior.
>
> The new variable should also be mentioned in the RELEASE NOTES.

My initial thought is to agree with gwicke, and this should have its own flag.
The SOP of JavaScript in svg files is a little murky, and each browser has
their own way of implementing controls around it. I'd rather be safe and
realize a year from now we can combine the flags than suddenly put everyone
using the existing functionality at risk.
