I'm getting the following error when trying to upload an SVG image: "This SVG file contains an illegal namespace "http://sozi.baierouge.fr"
In searching for a solution to this, I've found http://www.mediawiki.org/wiki/Extension:WhitelistedNamespaces
Do I really need to install another extension to solve this problem? Why would a domain name in an SVG even trigger this Warning on upload? Also, checking the Ignore Warnings radio button in the upload form doesn't have any effect.
Thanks Bill
That's the xml namespace of an element, which we whitelist since a number of namespaces introduce way to execute javascript.
You can add it to the list in UploadBase.php, and feel free to push the change back up and I'll add it if it looks sane.
On Thu, Mar 26, 2015 at 11:29 AM, Bill Traynor btraynor@gmail.com wrote:
I'm getting the following error when trying to upload an SVG image: "This SVG file contains an illegal namespace "http://sozi.baierouge.fr"
In searching for a solution to this, I've found http://www.mediawiki.org/wiki/Extension:WhitelistedNamespaces
Do I really need to install another extension to solve this problem? Why would a domain name in an SVG even trigger this Warning on upload? Also, checking the Ignore Warnings radio button in the upload form doesn't have any effect.
Thanks Bill
MediaWiki-l mailing list To unsubscribe, go to: https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
On Thu, Mar 26, 2015 at 3:00 PM, Chris Steipp csteipp@wikimedia.org wrote:
That's the xml namespace of an element, which we whitelist since a number of namespaces introduce way to execute javascript.
You can add it to the list in UploadBase.php, and feel free to push the change back up and I'll add it if it looks sane.
Thanks Chris,
I added it to the line:
at the end of the $validNamespaces array in UploadBase.php but now I receive:
"This file contains HTML or script code that may be erroneously interpreted by a web browser."
grepping for that error in the source now.
On Thu, Mar 26, 2015 at 11:29 AM, Bill Traynor btraynor@gmail.com wrote:
I'm getting the following error when trying to upload an SVG image: "This SVG file contains an illegal namespace "http://sozi.baierouge.fr"
In searching for a solution to this, I've found http://www.mediawiki.org/wiki/Extension:WhitelistedNamespaces
Do I really need to install another extension to solve this problem? Why would a domain name in an SVG even trigger this Warning on upload? Also, checking the Ignore Warnings radio button in the upload form doesn't have any effect.
Thanks Bill
MediaWiki-l mailing list To unsubscribe, go to: https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
MediaWiki-l mailing list To unsubscribe, go to: https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
This means exactly what it says. There is a script in the file, that a webbrowser might execute, which is a security risk. Judging from http://sozi.baierouge.fr/pages/10-about.html, the script in the file is probably just used to do animations, but MediaWiki cannot know that.
You can flip the wgDisableUploadScriptChecks setting, but you should only do that on wiki's where you can fully trust every single user that is able to upload a file.
DJ
On 26 mrt. 2015, at 20:25, Bill Traynor btraynor@gmail.com wrote:
On Thu, Mar 26, 2015 at 3:00 PM, Chris Steipp csteipp@wikimedia.org wrote:
That's the xml namespace of an element, which we whitelist since a number of namespaces introduce way to execute javascript.
You can add it to the list in UploadBase.php, and feel free to push the change back up and I'll add it if it looks sane.
Thanks Chris,
I added it to the line:
at the end of the $validNamespaces array in UploadBase.php but now I receive:
"This file contains HTML or script code that may be erroneously interpreted by a web browser."
grepping for that error in the source now.
On Thu, Mar 26, 2015 at 11:29 AM, Bill Traynor btraynor@gmail.com wrote:
I'm getting the following error when trying to upload an SVG image: "This SVG file contains an illegal namespace "http://sozi.baierouge.fr"
In searching for a solution to this, I've found http://www.mediawiki.org/wiki/Extension:WhitelistedNamespaces
Do I really need to install another extension to solve this problem? Why would a domain name in an SVG even trigger this Warning on upload? Also, checking the Ignore Warnings radio button in the upload form doesn't have any effect.
Thanks Bill
MediaWiki-l mailing list To unsubscribe, go to: https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
MediaWiki-l mailing list To unsubscribe, go to: https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
MediaWiki-l mailing list To unsubscribe, go to: https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
mediawiki-l@lists.wikimedia.org