How would this work for non-WMF wikis? What about executing JavaScript that is posted to an approved wiki? This would make XSS and a whole host of other problems a lot easier to do. So we whitelist commons.wikimedia.org; what's stopping a user from making a user subpage with some JS code that executes something arbitrary? Leaving SVG without external media is honestly the best way of doing it. Would you really trust a file that can load just about anything it wants arbitrarily?
On Tue, May 27, 2014 at 9:05 PM, C. Scott Ananian <cananian@wikimedia.org> wrote:
I agree that a simple whitelist might be workable, but it does depend on a bit of code auditing of librsvg to ensure that it can be done robustly. --scott
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l