On 05/01/11 00:37, Roan Kattouw wrote:
2011/1/3 Brion Vibber brion@pobox.com:
My SVGEdit wrapper code is currently using the ApiSVGProxy extension to read SVG files via the local MediaWiki API. This seems to work fine locally, but it's not enabled on Wikimedia sites, and likely won't be generally around; it looks like Roan threw it together as a test, and I'm not sure if anybody's got plans on keeping it up or merging to core.
I threw it together real quick about a year ago, because of a request from Brad Neuberg from Google, who needed it so he could use SVGWeb (a Flash thingy that provides SVG support for IE versions that don't support SVG natively). Tim was supposed to review it but I don't remember whether he ever did.
I reviewed the JavaScript side, and asked for two changes:
* Make it possible to disable client-side scripting in configuration * Fix the interface between JS and Flash, which was using __SVG__DELIMIT as a delimiter without checking for that string in the input. User input containing this string could thus pass arbitrary parameters to flash, with possible security consequences.
Three weeks after my review, Brad opened a ticket:
http://code.google.com/p/svgweb/issues/detail?id=446
I haven't heard anything back from them since, and I see the ticket is still open. I haven't reviewed the Flash side.
-- Tim Starling