Magnus Manske wrote:
Andrew Archibald schrieb:
This is easily remedied by allowing SVG upload, which is why I am asking what would be needed for it to be re-enabled.
Since SVG is "just" XML, and we "only" want static images (at the moment), can't we just filter all the evil parts out? Have a whitelist for tags and attributes, parse the SVG as XML, remove everything not on the whitelist, and save the result?
This could be expanded gradually as the need arises (clickable objects etc.).
Magnus
Well, yes, one could write such a program. I did. A version is at http://en.wikipedia.org/wiki/User:Aarchiba/SVG_sanitizer
What I'm trying to do now is get someone to tell me what else needs to be done to get SVG uploads enabled.
Andrew