summaryrefslogtreecommitdiff
path: root/doc/todo/svg.mdwn
blob: 89b183db64905f9fd8f66ce66f270c31f3580425 (plain)

We should support SVG. In particular:

  • We could support rendering SVGs to PNGs when compiling the wiki. Not all browsers support SVG yet.

  • We could support editing SVGs via the web interface. SVG can contain unsafe content such as scripting, so we would need to whitelist safe markup.

    • I am interested in seeing svg-edit integrated -- [[EricDrechsel]]

--[[JoshTriplett]]

[[wishlist]]

I'm allowing for inline SVG on my own installation. I've patched my copy of htmlscrubber.pm to allow safe MathML and SVG elements (as implemented in html5lib). Here's a patch if anyone else is interested. Actually, that patch wasn't quite right. I'll post a new one when it's working properly. --[[JasonBlevins]]


I'd like to hear what people think about the following:

  1. Including whitelists of elements and attributes for SVG and MathML in htmlscrubber.

  2. Creating a whitelist of safe SVG (and maybe even HTML) style attributes such as fill, stroke-width, etc.

    This is how the sanitizer in html5lib works. It shouldn't be too hard to translate the relevant parts to Perl.

    --[[JasonBlevins]], March 21, 2008 11:39 EDT


Another problem is that HTML::Scrubber converts all tags to lowercase. Some SVG elements, such as viewBox, are mixed case. It seems that properly handling SVG might require moving to a different sanitizer. It seems that HTML::Sanitizer has functions for sanitizing XHTML. Any thoughts? --[[JasonBlevins]], March 21, 2008 13:54 EDT

I figured out a quick hack to make HTML::Scrubber case-sensitive by making the underlying HTML::Parser case-sensitive:

$_scrubber->{_p}->case_sensitive(1);

So now I've got a version of htmlscrubber.pm (diff) which allows safe SVG and MathML elements and attributes (but no styles—do we need them?). I'd be thrilled to see this in the trunk if other people think it's useful. --[[JasonBlevins]], March 24, 2008 14:56 EDT