Andrew Archibald wrote:
> This is easily remedied by allowing SVG upload, which is why I am asking
> what would be needed for it to be re-enabled.
Since SVG is "just" XML, and we "only" want static images (at the
moment), can't we just filter all the evil parts out? Have a whitelist
for tags and attributes, parse the SVG as XML, remove everything not on
the whitelist, and save the result?
This could be expanded gradually as the need arises (clickable objects
etc.).
Magnus
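A sketch of the filter proposed in the message above, added here as an example; it is not part of the original message and not MediaWiki code. The tag and attribute lists, the `url(` value check, the rejection of DOCTYPE declarations and the sample input are all assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
# Assumed starter allowlist for static images; grow it only as needs arise.
ALLOWED_TAGS = {"svg", "g", "title", "desc", "path", "rect", "circle",
                "ellipse", "line", "polyline", "polygon"}
ALLOWED_ATTRS = {"width", "height", "viewBox", "d", "points", "transform",
                 "x", "y", "x1", "y1", "x2", "y2", "cx", "cy", "r", "rx", "ry",
                 "fill", "stroke", "stroke-width", "opacity"}

def _tag_ok(tag):
    # ElementTree spells namespaced names as "{uri}local".
    prefix = "{" + SVG_NS + "}"
    return tag.startswith(prefix) and tag[len(prefix):] in ALLOWED_TAGS

def _clean(elem):
    for name, value in list(elem.attrib.items()):
        # Namespaced attributes (e.g. xlink:href) appear as "{uri}name" and so
        # never match; url(...) values are dropped because they can point off-site.
        if name not in ALLOWED_ATTRS or "url(" in value.lower():
            del elem.attrib[name]
    for child in list(elem):
        if _tag_ok(child.tag):
            _clean(child)
        else:
            elem.remove(child)  # drops the element and everything inside it

def sanitize_svg(text):
    """Return a filtered copy of an SVG document, or raise ValueError."""
    if "<!DOCTYPE" in text:
        raise ValueError("DTDs and entity declarations are not accepted")
    try:
        root = ET.fromstring(text)  # comments and processing instructions are discarded
    except ET.ParseError as exc:
        raise ValueError("not well-formed XML") from exc
    if root.tag != "{" + SVG_NS + "}svg":
        raise ValueError("root element is not <svg> in the SVG namespace")
    _clean(root)
    ET.register_namespace("", SVG_NS)  # serialize with a default xmlns, no prefix
    return ET.tostring(root, encoding="unicode")

# Constructed sample input, not taken from the thread.
SAMPLE = """<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10" onload="f()">
  <script>f()</script>
  <rect x="0" y="0" width="10" height="10" fill="red"
        stroke="url(http://example.invalid/p)" onclick="f()"/>
  <foreignObject><circle cx="5" cy="5" r="2"/></foreignObject>
</svg>"""

if __name__ == "__main__":
    print(sanitize_svg(SAMPLE))
```

Checking attribute names alone is not enough once attributes that carry URLs or CSS are admitted, which is why `style` and `href` stay off the list here and values are inspected as well.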