I'll note that wikipedia also currently uses the SVG systemLanguage option in a non-standard way which isn't supported by browsers: https://phabricator.wikimedia.org/T60920
So SVGs which use this feature would have to be blacklisted somehow and always rendered to PNG. --scott
On Fri, May 13, 2016 at 7:58 PM, Gabriel Wicke gwicke@wikimedia.org wrote:
Another option might be to piggy-back on the current work towards lazy-loaded images [1]. Since this is using JS, it could take into account network performance & screen resolutions, in addition to browser capabilities. Designing this to degrade gracefully without JS might be a bit tricky, though.
Gabriel
On Fri, May 13, 2016 at 3:29 PM, Bartosz Dziewoński matma.rex@gmail.com wrote:
On 2016-05-13 22:28, Jon Robson wrote:
The ResourceLoaderImage module is being used widely to generate SVG icons with png fallbacks. I'd be interested in seeing if we can use this in some way for optimising SVGs and removing meta data.
I don't know what you have in mind, but please remember that ResourceLoaderImage was not written with security in mind. It has a very simplified version of our usual SVG rendering code, and it assumes that
any
SVG files passed to it is trusted. We traded some caution for some performance. Giving it user-controlled data is going to result in
security
vulnerabilities (at the very least some denial of service ones).
-- Bartosz Dziewoński
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
-- Gabriel Wicke Principal Engineer, Wikimedia Foundation
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l