On Tue, Jul 10, 2012 at 09:35:04AM -0700, Chris Steipp wrote: > So if I'm understanding you, then if you go to > http://commons.wikimedia.org/SVG:myPic.svg, you see an article-like > rendering of the xml that makes up the svg. I don't know what you mean by "go to" and "article-like rendering of the xml"
I meant: If you call the URL http://commons.wikimedia.org/SVG:myPic.svg you will see (assuming it exists and everthing works correctly) nearly the same as you see now for such an URL (with File inplace of SVG). Only the "lead in"/ introdcution of the displayed page is different. It only contains ONE or NONE rendered bitmap if this SVG-file (and maybe a warning/error(?)). Then followed by all the description stuff which is also displayed currently for SVG-files. > You can then edit the xml > like a normal article. Whenever the "article" is saved, if it contains Yes! You can edit this myPic.svg -page like any article (talk/user/template/...) page (and this is supported also by this version-control stuff, etc)! > a <svg></svg> object, and if the native size is less than 1024x2048 > (or can be correctly scaled to a size smaller than this), then we also > create a bitmap/png at the native or scaled resolution. Yes, this maybe done behind the scene technically. But even if the image is 9x87654321 no error is thrown and you can edit it again or let it be displayed (given an empty image and a standard warning) followed by possible description. > There would then be some sort of action to call the bitmap for > display, maybe http://commons.wikimedia.org/SVG:myPic.svg?action=bitmap, > that would show the generated bitmap, with the correctly set > content-type header, probably "image/png". This could then be used > inside <img> tags, etc. ??? It is called for display as it is called for display NOW! :) No change IMHO URL http://en.wikipedia.org/wiki/SVG:myPic.svg like now URL http://en.wikipedia.org/wiki/File:myPic.svg (because it has its own categoary like articles, like talk-pages, like user-pages, like template-pages) You can call it from anywhere inside wikimedia/wikipedia with [[SVG:myPic.svg]] as it is currently called with [[File:myPic.svg]] . > If that's the case, then that addresses the security issues of having > javascript / external references in the picture. However, that then I don't see you security problem/point. If this exists, then it exists already currently for File:myPic.svg. And if it is solved (with filtering or what ever check done with SVG-uploaded files), do the same checks/filter for SVG-pages when uploaded/changed. Which xml-code is now allowed in SVG-uploaded (and displayed/used) files? Take the same rules (if you don't take the time to improve them :) ). Sorry, I still don't recognize the (new inserted by my proposal) security problem. :-/ Achim _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
