blob: a63e183e8523447165529ca587fd750641b9115c (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
|
I would like to upload a svg figure to illustrate [[this tip|tips/Hosting_Ikiwiki_and_master_git_repository_on_different_machines/]] (this figure would also appear [[here|tips/distributed_wikis]]).
Unfortunately, Github shows [[raw code|https://github.com/paternal/ikiwiki/blob/paternal/upload-svg/doc/tips/Hosting_Ikiwiki_and_master_git_repository_on_different_machines/separate-web-git-servers.svg]] instead of the image.
[[!template id=gitbranch branch=spalax/paternal/upload-svg browse="https://github.com/paternal/ikiwiki/tree/paternal/upload-svg" author="[[Louis|spalax]]"]]
[[!tag patch]]
--[[Louis|spalax]]
> Unfortunately SVG can contain embedded JavaScript, so anyone who can
> upload arbitrary SVG to this wiki can execute JavaScript in its security
> context, leading to stealing login cookies and other badness. GitHub
> won't display arbitrary user-supplied SVG for the same reasons.
>
> I've seen various attempts to sanitize SVG via a whitelist, but it's
> just too large a specification to be confident that you're right, IMO.
>
> This particular SVG [[looks good to me|users/smcv/ready]] and I've
> mirrored it in my own git repo. --[[smcv]]
>> [[merged|done]] --[[smcv]]
|