-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Andrew Archibald schrieb:
This is easily remedied by allowing SVG upload, which is why I am asking what would be needed for it to be re-enabled.
Since SVG is "just" XML, and we "only" want static images (at the moment), can't we just filter all the evil parts out? Have a whitelist for tags and attributes, parse the SVG as XML, remove everything not on the whitelist, and save the result?
This could be expanded gradually as the need arises (clickable objects etc.).
Magnus