ikiwiki/doc/todo/svg.mdwn

We should support SVG.  In particular:

* We could support rendering SVGs to PNGs when compiling the wiki.  Not all browsers support SVG yet.

* We could support editing SVGs via the web interface.  SVG can contain unsafe content such as scripting, so we would need to whitelist safe markup.

--[[JoshTriplett]]

[[wishlist]]

I'm allowing for inline SVG on my own installation.  I've patched my
copy of htmlscrubber.pm to allow safe MathML and SVG elements (as
implemented in html5lib).  <del datetime="2008-03-20T23:04-05:00">Here's a patch
if anyone else is interested.</del>
<ins datetime="2008-03-20T23:05-05:00">Actually, that patch wasn't quite
right.  I'll post a new one when it's working properly.</ins> --[[JasonBlevins]]

* * *

I'd like to hear what people think about the following:

1. Including whitelists of elements and attributes for SVG and MathML in
   htmlscrubber.  See my current [htmlscrubber.pm][] and the [diff][]
   from the current trunk.

2. Creating a whitelist of safe SVG (and maybe even HTML) style
   attributes such as `fill`, `stroke-width`, etc.

   This is how the [sanitizer][] in html5lib works.  It shouldn't be too
   hard to translate the relevant parts to Perl.

   --[[JasonBlevins]], March 21, 2008 11:39 EDT

[htmlscrubber.pm]: http://xbeta.org/gitweb/?p=xbeta/ikiwiki.git;a=blob;f=IkiWiki/Plugin/htmlscrubber.pm;hb=fa9045c07efce434f24edb05b542c88815452873
[diff]: http://xbeta.org/gitweb/?p=xbeta/ikiwiki.git;a=blobdiff;f=IkiWiki/Plugin/htmlscrubber.pm;h=35c546620f8f58eb50c72783f11d422b06de93ca;hp=3bdaccea119ec0e1b289a0da2f6d90e2219b8d66;hb=fa9045c07efce434f24edb05b542c88815452873;hpb=be0b4f603f918444b906e42825908ddac78b7073
[sanitizer]: http://code.google.com/p/html5lib/source/browse/trunk/ruby/lib/html5/sanitizer.rb

* * * 

Another problem is that [HTML::Scrubber][] converts all tags to lowercase.
Some SVG elements, such as viewBox, are mixed case.  It seems that
properly handling SVG might require moving to a different sanitizer.
It seems that [HTML::Sanitizer][] has functions for sanitizing XHTML.
Any thoughts? --[[JasonBlevins]], March 21, 2008 13:54 EDT

[HTML::Scrubber]: http://search.cpan.org/~podmaster/HTML-Scrubber-0.08/Scrubber.pm
[HTML::Sanitizer]: http://search.cpan.org/~nesting/HTML-Sanitizer-0.04/Sanitizer.pm
web commit by JoshTriplett 2007-04-24 23:27:19 +02:00			`We should support SVG. In particular:`

			`* We could support rendering SVGs to PNGs when compiling the wiki. Not all browsers support SVG yet.`

			`* We could support editing SVGs via the web interface. SVG can contain unsafe content such as scripting, so we would need to whitelist safe markup.`

more triage 2007-07-25 05:08:10 +02:00			`--[[JoshTriplett]]`

web commit by http://jblevins.org/: Case-sensitivity of HTML::Scrubber 2008-03-21 18:58:25 +01:00			`[[wishlist]]`

web commit by http://jblevins.org/: MathML+SVG whitelist 2008-03-21 03:53:26 +01:00			`I'm allowing for inline SVG on my own installation. I've patched my`
			`copy of htmlscrubber.pm to allow safe MathML and SVG elements (as`
web commit by http://jblevins.org/: Oops 2008-03-21 04:06:41 +01:00			`implemented in html5lib). <del datetime="2008-03-20T23:04-05:00">Here's a patch`
			`if anyone else is interested.</del>`
			`<ins datetime="2008-03-20T23:05-05:00">Actually, that patch wasn't quite`
			`right. I'll post a new one when it's working properly.</ins> --[[JasonBlevins]]`
web commit by http://jblevins.org/: MathML+SVG whitelist 2008-03-21 03:53:26 +01:00
web commit by http://jblevins.org/: Fix links and sign 2008-03-21 16:40:33 +01:00			`* * *`

web commit by http://jblevins.org/: Request for comments about SVG and MathML whitelists 2008-03-21 16:19:00 +01:00			`I'd like to hear what people think about the following:`

			`1. Including whitelists of elements and attributes for SVG and MathML in`
web commit by http://jblevins.org/: Fix links and sign 2008-03-21 16:40:33 +01:00			`htmlscrubber. See my current [htmlscrubber.pm][] and the [diff][]`
web commit by http://jblevins.org/: Request for comments about SVG and MathML whitelists 2008-03-21 16:19:00 +01:00			`from the current trunk.`

			`2. Creating a whitelist of safe SVG (and maybe even HTML) style`
			attributes such as `fill`, `stroke-width`, etc.

			`This is how the [sanitizer][] in html5lib works. It shouldn't be too`
			`hard to translate the relevant parts to Perl.`

web commit by http://jblevins.org/: Fix links and sign 2008-03-21 16:40:33 +01:00			`--[[JasonBlevins]], March 21, 2008 11:39 EDT`

			`[htmlscrubber.pm]: http://xbeta.org/gitweb/?p=xbeta/ikiwiki.git;a=blob;f=IkiWiki/Plugin/htmlscrubber.pm;hb=fa9045c07efce434f24edb05b542c88815452873`
			`[diff]: http://xbeta.org/gitweb/?p=xbeta/ikiwiki.git;a=blobdiff;f=IkiWiki/Plugin/htmlscrubber.pm;h=35c546620f8f58eb50c72783f11d422b06de93ca;hp=3bdaccea119ec0e1b289a0da2f6d90e2219b8d66;hb=fa9045c07efce434f24edb05b542c88815452873;hpb=be0b4f603f918444b906e42825908ddac78b7073`
web commit by http://jblevins.org/: Request for comments about SVG and MathML whitelists 2008-03-21 16:19:00 +01:00			`[sanitizer]: http://code.google.com/p/html5lib/source/browse/trunk/ruby/lib/html5/sanitizer.rb`

web commit by http://jblevins.org/: Case-sensitivity of HTML::Scrubber 2008-03-21 18:58:25 +01:00			`* * *`

			`Another problem is that [HTML::Scrubber][] converts all tags to lowercase.`
			`Some SVG elements, such as viewBox, are mixed case. It seems that`
			`properly handling SVG might require moving to a different sanitizer.`
			`It seems that [HTML::Sanitizer][] has functions for sanitizing XHTML.`
			`Any thoughts? --[[JasonBlevins]], March 21, 2008 13:54 EDT`

			`[HTML::Scrubber]: http://search.cpan.org/~podmaster/HTML-Scrubber-0.08/Scrubber.pm`
			`[HTML::Sanitizer]: http://search.cpan.org/~nesting/HTML-Sanitizer-0.04/Sanitizer.pm`