2016W43 ArchCom-RFC meeting: Allow HTML in SVG?

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

2016W43 ArchCom-RFC meeting: Allow HTML in SVG?

Rob Lanphier-4
Hi everyone,

For [this week's ArchCom-RFC meeting][E325], let's talk about SVG.

As you probably know, MediaWiki optionally allows for SVG uploads,
which is allowed on many Wikimedia wikis (e.g. on Commons).  However,
in order to make this preference safe to use, we need to validate the
SVG.

One thing that's allowed in the SVG spec is to embed fragments of
XHTML inside the SVG.  This isn't just a obscure spec feature; this is
understood to be the best way to embed a caption for a diagram that
allows for word wrap when the image is scaled.  Having XHTML support
also would allow for greater compatibility between MediaWiki and
real-world SVG editing tools (e.g. like draw.io)

matmarex made a suggestion in [the bug for this][T138783]:
> We have a HTML validation library (the Sanitizer class) and it could
> probably be hooked up to validating HTML in SVG file uploads. But it
> would definitely require some work.

It's not officially an RFC, but I suggested it as a discussion topic
in [last week's ArchCom planning meeting][3], and no one objected.

Let's see if we can answer a couple of questions:
1.  Is this a good idea in theory?  i.e. is it possible/likely that an
experienced developer could implement something that can pass security
review, or is it conceptually flawed?
2.  Is matmarex's suggested approach a good one?
3.  Should we turn our SVG validation code into a proper library?
4.  (if there's time) Let's step through the [brion's June 30 comment][4]

This week it will be the usual time (Wednesday 21 UTC, 14 PDT, 23 CEST)
and place (#wikimedia-office).  Next week, things get complicated
because of the end of [Summer Time in Europe][5]; an announcement
about next week's meeting will hopefully find its way to the
[ArchComStatus page][6].

Rob

[E325]: <https://phabricator.wikimedia.org/E325>
[T138783]: <https://phabricator.wikimedia.org/T138783>
[3]: <https://www.mediawiki.org/wiki/Architecture_committee/2016-10-19>
[4]: <https://phabricator.wikimedia.org/T138783#2419210>
[5]: <https://en.wikipedia.org/wiki/Summer_Time_in_Europe>
[6]: <https://www.mediawiki.org/wiki/ArchComStatus>

_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: 2016W43 ArchCom-RFC meeting: Allow HTML in SVG?

Legoktm
Hi,

On 10/25/2016 03:14 PM, Rob Lanphier wrote:
> 3.  Should we turn our SVG validation code into a proper library?

Yes! This is <https://phabricator.wikimedia.org/T86874>. :)

-- Legoktm

_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: 2016W43 ArchCom-RFC meeting: Allow HTML in SVG?

Gabriel Wicke-3
See also https://phabricator.wikimedia.org/T96461, which discusses using
https://github.com/cure53/DOMPurify, and Parsoid's Token-based sanitizer.

On Tue, Oct 25, 2016 at 6:12 PM, Legoktm <[hidden email]>
wrote:

> Hi,
>
> On 10/25/2016 03:14 PM, Rob Lanphier wrote:
> > 3.  Should we turn our SVG validation code into a proper library?
>
> Yes! This is <https://phabricator.wikimedia.org/T86874>. :)
>
> -- Legoktm
>
> _______________________________________________
> Wikitech-l mailing list
> [hidden email]
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
>



--
Gabriel Wicke
Principal Engineer, Wikimedia Foundation
_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: 2016W43 ArchCom-RFC meeting: Allow HTML in SVG?

mathieu lovato stumpf guntz
Hi,

Somewhat of topic, but could someone provide me some links related to
translatable SVG?

Kind regards


Le 26/10/2016 à 03:26, Gabriel Wicke a écrit :

> See also https://phabricator.wikimedia.org/T96461, which discusses using
> https://github.com/cure53/DOMPurify, and Parsoid's Token-based sanitizer.
>
> On Tue, Oct 25, 2016 at 6:12 PM, Legoktm <[hidden email]>
> wrote:
>
>> Hi,
>>
>> On 10/25/2016 03:14 PM, Rob Lanphier wrote:
>>> 3.  Should we turn our SVG validation code into a proper library?
>> Yes! This is <https://phabricator.wikimedia.org/T86874>. :)
>>
>> -- Legoktm
>>
>> _______________________________________________
>> Wikitech-l mailing list
>> [hidden email]
>> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
>>
>
>


_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: 2016W43 ArchCom-RFC meeting: Allow HTML in SVG?

Brian Wolff
On Thursday, October 27, 2016, Mathieu Stumpf Guntz <
[hidden email]> wrote:
> Hi,
>
> Somewhat of topic, but could someone provide me some links related to
> translatable SVG?
>
> Kind regards
>
>

Do you have anything in particular you want to know about translatable
svgs? Are you looking more for a help page on how to make them, for the
relavent part of the svg spec or for technical information about MW's
implementation?

--
bawolff
_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: 2016W43 ArchCom-RFC meeting: Allow HTML in SVG?

mathieu lovato stumpf guntz


Le 27/10/2016 à 19:22, Brian Wolff a écrit :

> On Thursday, October 27, 2016, Mathieu Stumpf Guntz <
> [hidden email]> wrote:
>> Hi,
>>
>> Somewhat of topic, but could someone provide me some links related to
>> translatable SVG?
>>
>> Kind regards
>>
>>
> Do you have anything in particular you want to know about translatable
> svgs? Are you looking more for a help page on how to make them, for the
> relavent part of the svg spec or for technical information about MW's
> implementation?
I'm looking for help pages to make them and use them within the
Wikimedia projects.

>
> --
> bawolff
> _______________________________________________
> Wikitech-l mailing list
> [hidden email]
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l


_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: 2016W43 ArchCom-RFC meeting: Allow HTML in SVG?

Stephen Niedzielski
This may not be immediately applicable but after Wikimania, I always think
of User:Cmglee <https://en.wikipedia.org/wiki/User:Cmglee> when I hear the
word "SVG". Please forgive this message it is too off topic.

On Thu, Oct 27, 2016 at 11:46 AM, Mathieu Stumpf Guntz <
[hidden email]> wrote:

>
>
> Le 27/10/2016 à 19:22, Brian Wolff a écrit :
> > On Thursday, October 27, 2016, Mathieu Stumpf Guntz <
> > [hidden email]> wrote:
> >> Hi,
> >>
> >> Somewhat of topic, but could someone provide me some links related to
> >> translatable SVG?
> >>
> >> Kind regards
> >>
> >>
> > Do you have anything in particular you want to know about translatable
> > svgs? Are you looking more for a help page on how to make them, for the
> > relavent part of the svg spec or for technical information about MW's
> > implementation?
> I'm looking for help pages to make them and use them within the
> Wikimedia projects.
>
> >
> > --
> > bawolff
> > _______________________________________________
> > Wikitech-l mailing list
> > [hidden email]
> > https://lists.wikimedia.org/mailman/listinfo/wikitech-l
>
>
> _______________________________________________
> Wikitech-l mailing list
> [hidden email]
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
>
_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: 2016W43 ArchCom-RFC meeting: Allow HTML in SVG?

Brian Wolff
In reply to this post by mathieu lovato stumpf guntz
On Thursday, October 27, 2016, Mathieu Stumpf Guntz <
[hidden email]> wrote:

>
>
> Le 27/10/2016 à 19:22, Brian Wolff a écrit :
>> On Thursday, October 27, 2016, Mathieu Stumpf Guntz <
>> [hidden email]> wrote:
>>> Hi,
>>>
>>> Somewhat of topic, but could someone provide me some links related to
>>> translatable SVG?
>>>
>>> Kind regards
>>>
>>>
>> Do you have anything in particular you want to know about translatable
>> svgs? Are you looking more for a help page on how to make them, for the
>> relavent part of the svg spec or for technical information about MW's
>> implementation?
> I'm looking for help pages to make them and use them within the
> Wikimedia projects.
>

https://commons.wikimedia.org/wiki/Commons:Translation_possible/Learn_more#Multiple_translations_within_one_SVG_file
is probably the best help page for that.

--
bawolff
_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Reply | Threaded
Open this post in threaded view
|

Re: 2016W43 ArchCom-RFC meeting: Allow HTML in SVG?

mathieu lovato stumpf guntz
Thank you Brian ant Stephen, I think that should help me. :)


Le 27/10/2016 à 20:02, Brian Wolff a écrit :

> On Thursday, October 27, 2016, Mathieu Stumpf Guntz <
> [hidden email]> wrote:
>>
>> Le 27/10/2016 à 19:22, Brian Wolff a écrit :
>>> On Thursday, October 27, 2016, Mathieu Stumpf Guntz <
>>> [hidden email]> wrote:
>>>> Hi,
>>>>
>>>> Somewhat of topic, but could someone provide me some links related to
>>>> translatable SVG?
>>>>
>>>> Kind regards
>>>>
>>>>
>>> Do you have anything in particular you want to know about translatable
>>> svgs? Are you looking more for a help page on how to make them, for the
>>> relavent part of the svg spec or for technical information about MW's
>>> implementation?
>> I'm looking for help pages to make them and use them within the
>> Wikimedia projects.
>>
> https://commons.wikimedia.org/wiki/Commons:Translation_possible/Learn_more#Multiple_translations_within_one_SVG_file
> is probably the best help page for that.
>
> --
> bawolff
> _______________________________________________
> Wikitech-l mailing list
> [hidden email]
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l

_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l