W3C home > Mailing lists > Public > www-svg@w3.org > November 2005

Re: Have you ever thought about security issues?

From: Chris Lilley <chris@w3.org>
Date: Fri, 11 Nov 2005 18:05:36 +0100
Message-ID: <655346045.20051111180536@w3.org>
To: "Maxim Shemanarev" <mcseem@antigrain.com>
Cc: www-svg@w3.org

On Friday, November 11, 2005, 5:41:10 PM, Maxim wrote:

>> Inkscape gets that part of the standard partly right: it at least
>> refuses to render circular references; in general they do not cause
>> harm (if you can find some cases where it does, please let us know).Well, 
>> at least the version I have (v4.1) just gets into an infinite loop and 
>> doesn't respond. I don't think it's correct.

MS> Anyway, there's a choice if you control the level of recursion (and it's a
MS> must IMO). You can report an error and stop, or you can keep rendering until
MS> some level of recursion is exceeded.

That would have been a choice we could have made, yes. We chose to stop
at the first detection of a loop.

MS>  I don't see any other elegant way of
MS> detecting the loops, because they can have any level of indirection (a 
MS> pattern refers to another pattern that refers to another pattern, etc... and
MS> the first pattern refers to the first one).
MS> BTW, is that legal to have *nested* patterns/markers at all in SVG?


Yes. As long as they are not circular. so you can have markers that are
themselves stroked and have markers... if you really must.

MS> I think
MS> it should be, but some agents don't do that. For example, FireFox SVG 
MS> doesn't draw nested markers (it doesn't draw patterns at all, though).

MS> McSeem







-- 
 Chris Lilley                    mailto:chris@w3.org
 Chair, W3C SVG Working Group
 W3C Graphics Activity Lead
 Co-Chair, W3C Hypertext CG
Received on Friday, 11 November 2005 17:05:41 GMT

This archive was generated by hypermail 2.3.1 : Friday, 8 March 2013 15:54:32 GMT