[Toolserver-l] what's the best way to convert SVGs to PNGs on the toolserver?
River Tarnell
river.tarnell at wikimedia.de
Tue Feb 16 07:33:23 UTC 2010
Christian Thiele:
> I don't know about security problems, but as I understood, you create the
> SVGs for your own, so this shouldn't be a problem.
The security problem with rsvg, at least when called from the command line,
is that it will honour any external file references in the SVG file. If you
generate the SVG yourself, this doesn't apply, because you control any such
references.
The rsvg version on the Solaris systems (but *not* on Linux) has Wikimedia's
patch to disable external file inclusion, so it should be safe to process
untrusted SVGs with that.
- river.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4223 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.wikimedia.org/pipermail/toolserver-l/attachments/20100216/9dcc9723/attachment.bin
More information about the Toolserver-l
mailing list