- From: tatarize via GitHub <sysbot+gh@w3.org>
- Date: Thu, 03 Jun 2021 05:09:31 +0000
- To: public-svg-issues@w3.org
There is clearly some ubiquity of using svg as a general vector file in a safe and consistent way. I use them for running a laser cutter but for security reasons, and simple practicality I would never permit scripts within them to run. However, the scripts are technically valid. If there were a firm line saying scripts in this particular svg are invalid and should not be run, one could check that a particular svg is flagged as having no `references to external resources` and no `script execution` or `interactivity`. If there were some methodology of quickly declaring that my particular svg is `secure animated mode` or `static mode` it might be entirely possible to declare that my use of SVG is limited and thus safe. If there was a flag for the svg object that, for example, would turn these options off or refuse to process the SVG at all if any non-strict element was found, one could even inline insecure svgs flagging their headers with the required mode and depending on the browser to prevent non-strict elements from executing. -- GitHub Notification of comment by tatarize Please view or discuss this issue at https://github.com/w3c/svgwg/issues/837#issuecomment-853566699 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Thursday, 3 June 2021 05:10:15 UTC