On 05/01/11 00:37, Roan Kattouw wrote:
2011/1/3 Brion Vibber <brion(a)pobox.com>om>:
My SVGEdit wrapper code is currently using the
ApiSVGProxy extension to read
SVG files via the local MediaWiki API. This seems to work fine locally, but
it's not enabled on Wikimedia sites, and likely won't be generally around;
it looks like Roan threw it together as a test, and I'm not sure if
anybody's got plans on keeping it up or merging to core.
I threw it together real quick about a year ago, because of a request
from Brad Neuberg from Google, who needed it so he could use SVGWeb (a
Flash thingy that provides SVG support for IE versions that don't
support SVG natively). Tim was supposed to review it but I don't
remember whether he ever did.
I reviewed the JavaScript side, and asked for two changes:
* Make it possible to disable client-side scripting in configuration
* Fix the interface between JS and Flash, which was using
__SVG__DELIMIT as a delimiter without checking for that string in the
input. User input containing this string could thus pass arbitrary
parameters to flash, with possible security consequences.
Three weeks after my review, Brad opened a ticket:
http://code.google.com/p/svgweb/issues/detail?id=446
I haven't heard anything back from them since, and I see the ticket is
still open. I haven't reviewed the Flash side.
-- Tim Starling