Re: [svgwg] SVG MIME Type (image/svg+xml) is misleading to developers from Scott via GitHub on 2016-10-22 (public-svg-issues@w3.org from October 2016)

From: Scott via GitHub <sysbot+gh@w3.org>
Date: Sat, 22 Oct 2016 20:59:58 +0000
To: public-svg-issues@w3.org
Message-ID: <issue_comment.created-255553714-1477169996-sysbot+gh@w3.org>

I thought the intent would be more clear from the forking suggestion, 
but the goal is to make `image/svg+xml` **NEVER** allow code 
execution. If you need this "feature", make it available under a 
separate format (demarcated as "application/foo" rather than 
"image/foo", possibly as a svgx file rather than svg).

As the standard exists today, it's a security foot-cannon for 
developers.

-- 
GitHub Notification of comment by paragonie-scott
Please view or discuss this issue at 
https://github.com/w3c/svgwg/issues/266#issuecomment-255553714 using 
your GitHub account

Received on Saturday, 22 October 2016 21:00:06 UTC