1 I would like to upload a svg figure to illustrate [[this tip|tips/Hosting_Ikiwiki_and_master_git_repository_on_different_machines/]] (this figure would also appear [[here|tips/distributed_wikis]]).
3 Unfortunately, Github shows [[raw code|https://github.com/paternal/ikiwiki/blob/paternal/upload-svg/doc/tips/Hosting_Ikiwiki_and_master_git_repository_on_different_machines/separate-web-git-servers.svg]] instead of the image.
5 [[!template id=gitbranch branch=spalax/paternal/upload-svg browse="https://github.com/paternal/ikiwiki/tree/paternal/upload-svg" author="[[Louis|spalax]]"]]
11 > Unfortunately SVG can contain embedded JavaScript, so anyone who can
12 > upload arbitrary SVG to this wiki can execute JavaScript in its security
13 > context, leading to stealing login cookies and other badness. GitHub
14 > won't display arbitrary user-supplied SVG for the same reasons.
16 > I've seen various attempts to sanitize SVG via a whitelist, but it's
17 > just too large a specification to be confident that you're right, IMO.
19 > This particular SVG [[looks good to me|users/smcv/ready]] and I've
20 > mirrored it in my own git repo. --[[smcv]]