I was poking around in UploadBase today because Quim asked how we checked SVGs to make sure they are not full of nasty javascript stuff and realised that we have a non-trivial amount of code in there for that purpose. That got me wondering if that code and other scanning and filtering things would be a good candidate for a library to extract share with the wider world. Thoughts?
Bryan
If you can untangle that mess, that would be great to have in a library. I'm not sure how easy it would be though (Upload code is some of my least favorite in MediaWiki).
On Fri, Oct 31, 2014 at 4:50 PM, Bryan Davis bd808@wikimedia.org wrote:
I was poking around in UploadBase today because Quim asked how we checked SVGs to make sure they are not full of nasty javascript stuff and realised that we have a non-trivial amount of code in there for that purpose. That got me wondering if that code and other scanning and filtering things would be a good candidate for a library to extract share with the wider world. Thoughts?
Bryan
Bryan Davis Wikimedia Foundation bd808@wikimedia.org [[m:User:BDavis_(WMF)]] Sr Software Engineer Boise, ID USA irc: bd808 v:415.839.6885 x6855
MediaWiki-Core mailing list MediaWiki-Core@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-core
Svg checker relies on the sanitizer class right now. It we extracted that whole thing (sanitizer plus file filtering), it wouldn't be to bad. One thought about pulling out the svg bits for a while. On Oct 31, 2014 4:58 PM, "Aaron Schulz" aschulz@wikimedia.org wrote:
If you can untangle that mess, that would be great to have in a library. I'm not sure how easy it would be though (Upload code is some of my least favorite in MediaWiki).
On Fri, Oct 31, 2014 at 4:50 PM, Bryan Davis bd808@wikimedia.org wrote:
I was poking around in UploadBase today because Quim asked how we checked SVGs to make sure they are not full of nasty javascript stuff and realised that we have a non-trivial amount of code in there for that purpose. That got me wondering if that code and other scanning and filtering things would be a good candidate for a library to extract share with the wider world. Thoughts?
Bryan
Bryan Davis Wikimedia Foundation bd808@wikimedia.org [[m:User:BDavis_(WMF)]] Sr Software Engineer Boise, ID USA irc: bd808 v:415.839.6885 x6855
MediaWiki-Core mailing list MediaWiki-Core@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-core
-- -Aaron S
mediawiki-core@lists.wikimedia.org