X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/7eebd3709b01bd35a88d1370bf3954c28f50bcb9..ca9e45c3ba2ad852123aeb8783eed07ed73ce00c:/doc/todo/svg.mdwn?ds=sidebyside diff --git a/doc/todo/svg.mdwn b/doc/todo/svg.mdwn index 69fba2a99..0a15af4cd 100644 --- a/doc/todo/svg.mdwn +++ b/doc/todo/svg.mdwn @@ -6,6 +6,8 @@ We should support SVG. In particular: --[[JoshTriplett]] +[[wishlist]] + I'm allowing for inline SVG on my own installation. I've patched my copy of htmlscrubber.pm to allow safe MathML and SVG elements (as implemented in html5lib). Here's a patch @@ -13,11 +15,12 @@ if anyone else is interested. Actually, that patch wasn't quite right. I'll post a new one when it's working properly. --[[JasonBlevins]] +* * * + I'd like to hear what people think about the following: 1. Including whitelists of elements and attributes for SVG and MathML in - htmlscrubber. See my [htmlscrubber.pm][] and the [diff][] - from the current trunk. + htmlscrubber. 2. Creating a whitelist of safe SVG (and maybe even HTML) style attributes such as `fill`, `stroke-width`, etc. @@ -25,8 +28,31 @@ I'd like to hear what people think about the following: This is how the [sanitizer][] in html5lib works. It shouldn't be too hard to translate the relevant parts to Perl. -[htmlscrubber.pm]: http://xbeta.org/gitweb/?p=xbeta/ikiwiki.git;a=blob;f=IkiWiki/Plugin/htmlscrubber.pm;hb=db56b62ce99cdb7ffe41a8decaca34ade7964aa4 -[diff]: http://xbeta.org/gitweb/?p=xbeta/ikiwiki.git;a=blobdiff;f=IkiWiki/Plugin/htmlscrubber.pm;h=e4234e3b31f54fd5ca929fe7bece88d176dab03a;hp=3bdaccea119ec0e1b289a0da2f6d90e2219b8d66;hb=db56b62ce99cdb7ffe41a8decaca34ade7964aa4;hpb=be0b4f603f918444b906e42825908ddac78b7073 + --[[JasonBlevins]], March 21, 2008 11:39 EDT + [sanitizer]: http://code.google.com/p/html5lib/source/browse/trunk/ruby/lib/html5/sanitizer.rb -[[wishlist]] +* * * + +Another problem is that [HTML::Scrubber][] converts all tags to lowercase. +Some SVG elements, such as viewBox, are mixed case. It seems that +properly handling SVG might require moving to a different sanitizer. +It seems that [HTML::Sanitizer][] has functions for sanitizing XHTML. +Any thoughts? --[[JasonBlevins]], March 21, 2008 13:54 EDT + +[HTML::Scrubber]: http://search.cpan.org/~podmaster/HTML-Scrubber-0.08/Scrubber.pm +[HTML::Sanitizer]: http://search.cpan.org/~nesting/HTML-Sanitizer-0.04/Sanitizer.pm + +I figured out a quick hack to make HTML::Scrubber case-sensitive by +making the underlying HTML::Parser case-sensitive: + + $_scrubber->{_p}->case_sensitive(1); + +So now I've got a version of [htmlscrubber.pm][] ([diff][]) +which allows safe SVG and MathML elements and attributes (but no +styles—do we need them?). I'd be thrilled to see this +in the trunk if other people think it's useful. +--[[JasonBlevins]], March 24, 2008 14:56 EDT + +[htmlscrubber.pm]:http://xbeta.org/gitweb/?p=xbeta/ikiwiki.git;a=blob;f=IkiWiki/Plugin/htmlscrubber.pm;h=3c0ddc8f25bd8cb863634a9d54b40e299e60f7df;hb=fe333c8e5b4a5f374a059596ee698dacd755182d +[diff]: http://xbeta.org/gitweb/?p=xbeta/ikiwiki.git;a=blobdiff;f=IkiWiki/Plugin/htmlscrubber.pm;h=3c0ddc8f25bd8cb863634a9d54b40e299e60f7df;hp=3bdaccea119ec0e1b289a0da2f6d90e2219b8d66;hb=fe333c8e5b4a5f374a059596ee698dacd755182d;hpb=be0b4f603f918444b906e42825908ddac78b7073