W3C home > Mailing lists > Public > www-svg@w3.org > November 2005

Re: Have you ever thought about security issues?

From: Maxim Shemanarev <mcseem@antigrain.com>
Date: Fri, 11 Nov 2005 11:41:10 -0500
Message-ID: <005d01c5e6de$b9599070$0202a8c0@mcseemxp1>
To: <www-svg@w3.org>

> Inkscape gets that part of the standard partly right: it at least
> refuses to render circular references; in general they do not cause
> harm (if you can find some cases where it does, please let us know).Well, 
> at least the version I have (v4.1) just gets into an infinite loop and 
> doesn't respond. I don't think it's correct.

Anyway, there's a choice if you control the level of recursion (and it's a 
must IMO). You can report an error and stop, or you can keep rendering until 
some level of recursion is exceeded. I don't see any other elegant way of 
detecting the loops, because they can have any level of indirection (a 
pattern refers to another pattern that refers to another pattern, etc... and 
the first pattern refers to the first one).
BTW, is that legal to have *nested* patterns/markers at all in SVG? I think 
it should be, but some agents don't do that. For example, FireFox SVG 
doesn't draw nested markers (it doesn't draw patterns at all, though).

Received on Friday, 11 November 2005 16:41:45 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 8 March 2017 09:47:05 UTC