]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/blob - doc/todo/upload__95__figure.mdwn
more changelog and bug-closing
[git.ikiwiki.info.git] / doc / todo / upload__95__figure.mdwn
1 I would like to upload a svg figure to illustrate [[this tip|tips/Hosting_Ikiwiki_and_master_git_repository_on_different_machines/]] (this figure would also appear [[here|tips/distributed_wikis]]). 
3 Unfortunately, Github shows [[raw code|https://github.com/paternal/ikiwiki/blob/paternal/upload-svg/doc/tips/Hosting_Ikiwiki_and_master_git_repository_on_different_machines/separate-web-git-servers.svg]] instead of the image. 
5 [[!template  id=gitbranch branch=spalax/paternal/upload-svg browse="https://github.com/paternal/ikiwiki/tree/paternal/upload-svg" author="[[Louis|spalax]]"]]
7 [[!tag patch]]
9 --[[Louis|spalax]]
11 > Unfortunately SVG can contain embedded JavaScript, so anyone who can
12 > upload arbitrary SVG to this wiki can execute JavaScript in its security
13 > context, leading to stealing login cookies and other badness. GitHub
14 > won't display arbitrary user-supplied SVG for the same reasons.
15 >
16 > I've seen various attempts to sanitize SVG via a whitelist, but it's
17 > just too large a specification to be confident that you're right, IMO.
18 >
19 > This particular SVG [[looks good to me|users/smcv/ready]] and I've
20 > mirrored it in my own git repo. --[[smcv]]
22 >> [[merged|done]] --[[smcv]]