W3C home > Mailing lists > Public > www-svg@w3.org > November 2005

Have you ever thought about security issues?

From: Maxim Shemanarev <mcseem@antigrain.com>
Date: Fri, 11 Nov 2005 10:43:12 -0500
Message-ID: <002f01c5e6d6$a0730710$0202a8c0@mcseemxp1>
To: <www-svg@w3.org>

Consider the following recursive pattern in SVG:

<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN"
<svg width="100%" height="100%" viewBox="0 0 400 400"
     xmlns="http://www.w3.org/2000/svg" version="1.1">

    <pattern id="CirclePattern" patternUnits="objectBoundingBox"
             x="0" y="0" width="0.5" height="0.5"
             viewBox="0 0 100 100"
      <circle cx="50" cy="50" r="50" stroke-width="5"
              fill="url(#CirclePattern)" stroke="blue" />

  <rect fill="none" stroke="blue"
        x="1" y="1" width="398" height="398"/>

  <circle fill="url(#CirclePattern)" stroke="black" stroke-width="5"
           cx="200" cy="200" r="100"/>
It supposed to render the following:

It crashes Adobe SVG and leads to weird behaviour in Inkscape and Sketsa. 
The main problem is that it's a *classical security flaw* and I consider an 
SVG agent as not working if it doesn't handle these recursive things. They 
can be also markers, <use> elements, what else?

I'm afraid nobody has ever thought of it. Are there any recommendations from 

Received on Friday, 11 November 2005 15:43:17 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:54:08 UTC