On 05/27/2014 12:37 PM, "Christian Müller" wrote:
> Point 2) should be considered the easiest implementation, 1) is harder to
> implement but gives even more freedom to SVG creators and would adhere more
> closely to SVG standard. However, another argument for 2) would be the
> licensing issue: It ensures that only images are linked to that have been
> properly licensed by Commons users and the upload process (and if a license
> violation is detected and the linked-to bitmap removed from Commons, the SVG
> using such a bitmap breaks gracefully).

The problem with either is that, short of installing a very complicated
and brittle full URL parser in the SVG validation code, you open the
door to a number of very nearly insurmountable (and highly catastrophic)
security issues, the most important of which is that you then allow
anyone able to upload an image the capability to force either the client
or (worse) the image scalers to perform an arbitrary GET on the projects
-- including such things as API calls simply by viewing or processing an
image.

Even stringent validation is brittle and opens a number of hard-to-track
security vulnerabilities.

-- Marc
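
Added example, not part of the original thread and not the project's own validation code: a deny-by-default upload check in Python that avoids URL parsing entirely and rejects any SVG reference that is not a same-document fragment. The inline-raster allowance, the function names and the `wiki.example` sample are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

XLINK_HREF = "{http://www.w3.org/1999/xlink}href"
CSS_URL = re.compile(r"url\(\s*['\"]?\s*([^'\")\s]*)", re.I)
# Assumption: inline raster data is the only non-fragment reference allowed.
INLINE_OK = ("data:image/png;base64,", "data:image/jpeg;base64,")

# Constructed sample; wiki.example and its paths are placeholders.
SAMPLE = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink">
  <style>rect{fill:url(#g)} circle{fill:url("//wiki.example/api?action=placeholder")}</style>
  <linearGradient id="g"/>
  <use xlink:href="#g"/>
  <image xlink:href="https://wiki.example/api?action=placeholder"/>
  <image href="data:image/png;base64,iVBORw0KGgo="/>
  <rect style="fill:url(#g)"/>
</svg>"""


def stays_in_file(ref):
    """Allow same-document fragments and inline rasters; nothing is URL-parsed."""
    ref = ref.strip().lower()
    return (ref.startswith("#") and len(ref) > 1) or ref.startswith(INLINE_OK)


def external_refs(svg_text):
    """Return (tag, where, value) for every reference that leaves the file."""
    if "<!DOCTYPE" in svg_text or "<!ENTITY" in svg_text:
        # Refuse DTDs outright instead of reasoning about entity expansion.
        return [("(document)", "DOCTYPE", "DTD declarations are not accepted")]
    found = []
    for el in ET.fromstring(svg_text).iter():
        tag = el.tag.rsplit("}", 1)[-1]
        for name, value in el.attrib.items():
            if name in ("href", XLINK_HREF):
                refs, where = [value], "href"
            else:  # presentation attributes and style="" can carry url(...)
                refs, where = CSS_URL.findall(value), name.rsplit("}", 1)[-1]
            found += [(tag, where, r) for r in refs if not stays_in_file(r)]
        if tag == "style":  # <style> element body
            css = el.text or ""
            found += [(tag, "text", r) for r in CSS_URL.findall(css)
                      if not stays_in_file(r)]
            if "@import" in css.lower():
                found.append((tag, "text", "@import"))
    return found


if __name__ == "__main__":
    for hit in external_refs(SAMPLE):
        print("reject:", hit)
```

This check does not decode CSS escape sequences or cover every attribute a renderer may dereference, so it narrows the surface without removing the brittleness described in the reply.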