https://bugzilla.wikimedia.org/show_bug.cgi?id=27544

Aryeh Gregor <simetrical+wikib...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |Simetrical+wikibugs@gmail.com

--- Comment #22 from Aryeh Gregor <simetrical+wikib...@gmail.com> 2011-02-21 23:46:25 UTC ---
Although maybe we should define a subset of SVG using our own DTD, excluding
script elements and attributes, and test for validity using that DTD.  That
would be a very easy way to do whitelist-based security, which makes me feel
happier than the current blacklist-based approach.  Are we really sure that all
JS-activating attributes start with "on", and that no element will allow script
if it's not named "script"?  (But that's a separate issue.)

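The contrast raised in comment #22, as an added example that is not part of the bug report or of MediaWiki's code: the same SVG documents checked with the "script"/"on*" blocklist rule and with an allowlist. It enforces the allowlist in Python rather than through a DTD; the `ALLOWED` table, the function names and the three sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
# Constructed allowlist for illustration: element -> permitted attributes.
ALLOWED = {
    "svg": {"width", "height", "viewBox", "version"},
    "g": {"transform", "fill", "stroke"},
    "rect": {"x", "y", "width", "height", "fill", "stroke"},
    "circle": {"cx", "cy", "r", "fill", "stroke"},
    "title": set(),
}

def split(tag):
    """Return [namespace, local name] for an ElementTree tag or attribute key."""
    return tag[1:].split("}", 1) if tag.startswith("{") else ["", tag]

def blocklist_violations(svg_text):
    """Blocklist rule from the comment: 'script' elements and on* attributes."""
    found = []
    for el in ET.fromstring(svg_text).iter():
        name = split(el.tag)[1]
        found += [f"{name}@{a}" for a in el.attrib if split(a)[1].lower().startswith("on")]
        if name.lower() == "script":
            found.append(f"<{name}>")
    return found

def allowlist_violations(svg_text):
    """Allowlist rule: anything not explicitly listed is a violation."""
    if "<!DOCTYPE" in svg_text:  # untrusted input must not bring its own DTD or entities
        return ["<!DOCTYPE>"]
    found = []
    for el in ET.fromstring(svg_text).iter():
        ns, name = split(el.tag)
        if ns != SVG_NS or name not in ALLOWED:
            found.append(f"<{name}>")
            continue
        # Namespaced attributes keep their "{ns}" prefix, so they never match.
        found += [f"{name}@{a}" for a in el.attrib if a not in ALLOWED[name]]
    return found

# Constructed samples. UNKNOWN uses a made-up element and attribute to stand in
# for any construct the blocklist author did not anticipate.
CLEAN = f'<svg xmlns="{SVG_NS}" width="10" height="10"><rect width="5" height="5"/></svg>'
SCRIPTED = f'<svg xmlns="{SVG_NS}" onload="f()"><script>f()</script></svg>'
UNKNOWN = f'<svg xmlns="{SVG_NS}"><futureWidget activate="f()"/><rect behaviour="f()"/></svg>'

if __name__ == "__main__":
    for label, doc in [("clean", CLEAN), ("scripted", SCRIPTED), ("unknown", UNKNOWN)]:
        print(label, blocklist_violations(doc), allowlist_violations(doc))
```

Both rules agree on the clean and the scripted sample; only the allowlist flags the document built from names neither rule has seen before.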