>> I looked into this for you. It's not a very complicated situation.
There is a security consideration that unfortunately will add some complexity, if this is going to be deployed on wmf sites. It may be part of the reason 5899 was never deployed. SVGs can include javascript which is a security concern, and remote images and css references which can violate our privacy policy. So at minimum, we would need to re-run the image through our filtering (currently UploadBase::detectScript()) before it's saved, and throw an error if any scripts are detected. Or, we can do what we do with wikitext and convert/filter the output just before we display it, according to a set of rules of what entities and attributes are allowed, which will be very different from the set that are used for html. So because of that, I think it will be a bit of work-- but at the same time I think it's great someone is tackling the issue! Maybe you would be able to leverage the work that's going on with content type handling (http://meta.wikimedia.org/wiki/Wikidata/Notes/ContentHandler)? _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
