Hi everyone,
For [this week's ArchCom-RFC meeting][E325], let's talk about SVG.
As you probably know, MediaWiki optionally allows for SVG uploads, which is allowed on many Wikimedia wikis (e.g. on Commons). However, in order to make this preference safe to use, we need to validate the SVG.
One thing that's allowed in the SVG spec is to embed fragments of XHTML inside the SVG. This isn't just a obscure spec feature; this is understood to be the best way to embed a caption for a diagram that allows for word wrap when the image is scaled. Having XHTML support also would allow for greater compatibility between MediaWiki and real-world SVG editing tools (e.g. like draw.io)
matmarex made a suggestion in [the bug for this][T138783]:
We have a HTML validation library (the Sanitizer class) and it could probably be hooked up to validating HTML in SVG file uploads. But it would definitely require some work.
It's not officially an RFC, but I suggested it as a discussion topic in [last week's ArchCom planning meeting][3], and no one objected.
Let's see if we can answer a couple of questions: 1. Is this a good idea in theory? i.e. is it possible/likely that an experienced developer could implement something that can pass security review, or is it conceptually flawed? 2. Is matmarex's suggested approach a good one? 3. Should we turn our SVG validation code into a proper library? 4. (if there's time) Let's step through the [brion's June 30 comment][4]
This week it will be the usual time (Wednesday 21 UTC, 14 PDT, 23 CEST) and place (#wikimedia-office). Next week, things get complicated because of the end of [Summer Time in Europe][5]; an announcement about next week's meeting will hopefully find its way to the [ArchComStatus page][6].
Rob
[E325]: https://phabricator.wikimedia.org/E325 [T138783]: https://phabricator.wikimedia.org/T138783 [3]: https://www.mediawiki.org/wiki/Architecture_committee/2016-10-19 [4]: https://phabricator.wikimedia.org/T138783#2419210 [5]: https://en.wikipedia.org/wiki/Summer_Time_in_Europe [6]: https://www.mediawiki.org/wiki/ArchComStatus