- From: Geoffrey Sneddon via GitHub <sysbot+gh@w3.org>
- Date: Sat, 22 Oct 2016 19:50:55 +0000
- To: public-svg-issues@w3.org
What practical effect does deprecation of `image/svg+xml` have, and how does it address concerns about scriptability of the format? Given the underlying XSS problems are caused by how browsers' implementation of SVG, and merely changing the spec to say `image/svg+xml` is deprecated does nothing to change their implementation. Realistically, `image/svg+xml` is unlikely to ever go away. Now, the question is any change can ever be made to the scriptability of that Content-Type, and similarly I suspect that it won't be plausible, which would make any deprecation or reduction in scope unlikely to ever be implemented. -- GitHub Notification of comment by gsnedders Please view or discuss this issue at https://github.com/w3c/svgwg/issues/266#issuecomment-255549923 using your GitHub account
Received on Saturday, 22 October 2016 19:51:02 UTC