2007-04-24 23:27:19 +02:00
|
|
|
We should support SVG. In particular:
|
|
|
|
|
|
|
|
* We could support rendering SVGs to PNGs when compiling the wiki. Not all browsers support SVG yet.
|
|
|
|
|
|
|
|
* We could support editing SVGs via the web interface. SVG can contain unsafe content such as scripting, so we would need to whitelist safe markup.
|
2010-01-17 08:22:54 +01:00
|
|
|
* I am interested in seeing [svg-edit](http://code.google.com/p/svg-edit/) integrated -- [[EricDrechsel]]
|
2007-04-24 23:27:19 +02:00
|
|
|
|
2007-07-25 05:08:10 +02:00
|
|
|
--[[JoshTriplett]]
|
|
|
|
|
2008-03-21 18:58:25 +01:00
|
|
|
[[wishlist]]
|
|
|
|
|
2008-03-21 03:53:26 +01:00
|
|
|
I'm allowing for inline SVG on my own installation. I've patched my
|
|
|
|
copy of htmlscrubber.pm to allow safe MathML and SVG elements (as
|
2008-03-21 04:06:41 +01:00
|
|
|
implemented in html5lib). <del datetime="2008-03-20T23:04-05:00">Here's a patch
|
|
|
|
if anyone else is interested.</del>
|
|
|
|
<ins datetime="2008-03-20T23:05-05:00">Actually, that patch wasn't quite
|
|
|
|
right. I'll post a new one when it's working properly.</ins> --[[JasonBlevins]]
|
2008-03-21 03:53:26 +01:00
|
|
|
|
2008-03-21 16:40:33 +01:00
|
|
|
* * *
|
|
|
|
|
2008-03-21 16:19:00 +01:00
|
|
|
I'd like to hear what people think about the following:
|
|
|
|
|
|
|
|
1. Including whitelists of elements and attributes for SVG and MathML in
|
2008-03-24 20:47:13 +01:00
|
|
|
htmlscrubber.
|
2008-03-21 16:19:00 +01:00
|
|
|
|
|
|
|
2. Creating a whitelist of safe SVG (and maybe even HTML) style
|
|
|
|
attributes such as `fill`, `stroke-width`, etc.
|
|
|
|
|
|
|
|
This is how the [sanitizer][] in html5lib works. It shouldn't be too
|
|
|
|
hard to translate the relevant parts to Perl.
|
|
|
|
|
2008-03-21 16:40:33 +01:00
|
|
|
--[[JasonBlevins]], March 21, 2008 11:39 EDT
|
|
|
|
|
2008-03-21 16:19:00 +01:00
|
|
|
[sanitizer]: http://code.google.com/p/html5lib/source/browse/trunk/ruby/lib/html5/sanitizer.rb
|
|
|
|
|
2008-03-21 18:58:25 +01:00
|
|
|
* * *
|
|
|
|
|
|
|
|
Another problem is that [HTML::Scrubber][] converts all tags to lowercase.
|
|
|
|
Some SVG elements, such as viewBox, are mixed case. It seems that
|
|
|
|
properly handling SVG might require moving to a different sanitizer.
|
|
|
|
It seems that [HTML::Sanitizer][] has functions for sanitizing XHTML.
|
|
|
|
Any thoughts? --[[JasonBlevins]], March 21, 2008 13:54 EDT
|
|
|
|
|
|
|
|
[HTML::Scrubber]: http://search.cpan.org/~podmaster/HTML-Scrubber-0.08/Scrubber.pm
|
|
|
|
[HTML::Sanitizer]: http://search.cpan.org/~nesting/HTML-Sanitizer-0.04/Sanitizer.pm
|
2008-03-24 20:47:13 +01:00
|
|
|
|
|
|
|
I figured out a quick hack to make HTML::Scrubber case-sensitive by
|
|
|
|
making the underlying HTML::Parser case-sensitive:
|
|
|
|
|
|
|
|
$_scrubber->{_p}->case_sensitive(1);
|
|
|
|
|
|
|
|
So now I've got a version of [htmlscrubber.pm][] ([diff][])
|
|
|
|
which allows safe SVG and MathML elements and attributes (but no
|
|
|
|
styles—do we need them?). I'd be thrilled to see this
|
|
|
|
in the trunk if other people think it's useful.
|
|
|
|
--[[JasonBlevins]], March 24, 2008 14:56 EDT
|
|
|
|
|
|
|
|
[htmlscrubber.pm]:http://xbeta.org/gitweb/?p=xbeta/ikiwiki.git;a=blob;f=IkiWiki/Plugin/htmlscrubber.pm;h=3c0ddc8f25bd8cb863634a9d54b40e299e60f7df;hb=fe333c8e5b4a5f374a059596ee698dacd755182d
|
|
|
|
[diff]: http://xbeta.org/gitweb/?p=xbeta/ikiwiki.git;a=blobdiff;f=IkiWiki/Plugin/htmlscrubber.pm;h=3c0ddc8f25bd8cb863634a9d54b40e299e60f7df;hp=3bdaccea119ec0e1b289a0da2f6d90e2219b8d66;hb=fe333c8e5b4a5f374a059596ee698dacd755182d;hpb=be0b4f603f918444b906e42825908ddac78b7073
|