blob: 9649ba9b4ed6ba16de565b95fd036d29363037e8 (
plain)
We should support SVG. In particular:
-
We could support rendering SVGs to PNGs when compiling the wiki. Not all browsers support SVG yet.
-
We could support editing SVGs via the web interface. SVG can contain unsafe content such as scripting, so we would need to whitelist safe markup.
--[[JoshTriplett]]
[[wishlist]]
I'm allowing for inline SVG on my own installation. I've patched my
copy of htmlscrubber.pm to allow safe MathML and SVG elements (as
implemented in html5lib). Here's a patch
if anyone else is interested.
Actually, that patch wasn't quite
right. I'll post a new one when it's working properly. --[[JasonBlevins]]
I'd like to hear what people think about the following:
-
Including whitelists of elements and attributes for SVG and MathML in
htmlscrubber. See my current htmlscrubber.pm and the diff
from the current trunk.
-
Creating a whitelist of safe SVG (and maybe even HTML) style
attributes such as fill, stroke-width, etc.
This is how the sanitizer in html5lib works. It shouldn't be too
hard to translate the relevant parts to Perl.
--[[JasonBlevins]], March 21, 2008 11:39 EDT
Another problem is that HTML::Scrubber converts all tags to lowercase.
Some SVG elements, such as viewBox, are mixed case. It seems that
properly handling SVG might require moving to a different sanitizer.
It seems that HTML::Sanitizer has functions for sanitizing XHTML.
Any thoughts? --[[JasonBlevins]], March 21, 2008 13:54 EDT
|
