Page MenuHomePhabricator
Create Task
Maniphest T134482

Beta feature for opt-in client side SVG rendering
Open, Stalled, LowPublic
Actions

Description

It's probably worth testing SVG client-side rendering as an opt-in beta feature, to get wider testing as we improve the authoring tools to help with optimizing rendering or blacklisting problematic files.

Related Objects
Search...

Event Timeline

brooke created this task.May 5 2016, 12:59 PM
Restricted Application added projects: Multimedia, Commons. · View Herald TranscriptMay 5 2016, 12:59 PM
Restricted Application added subscribers: Zppix, Steinsplitter, Aklapper. · View Herald Transcript
brooke added a subtask: T134455: Add experimental option for direct SVG output via srcset.May 5 2016, 1:00 PM
Restricted Application added subscribers: Poyekhali, Matanya. · View Herald TranscriptMay 5 2016, 1:00 PM
brooke added a parent task: T5593: [Epic] SVG client side rendering.May 5 2016, 1:01 PM
Jdforrester-WMF added a project: User-notice.May 5 2016, 1:01 PM
Danny_B subscribed.May 5 2016, 6:31 PM
Ricordisamoa subscribed.May 6 2016, 11:39 AM
Johan moved this task from To Triage to Not ready to announce on the User-notice board.May 12 2016, 2:35 PM
Legoktm edited projects, added Beta-Feature; removed BetaFeatures.May 12 2016, 5:17 PM
gerritbot mentioned this in T5593: [Epic] SVG client side rendering.May 12 2016, 8:13 PM
He7d3r subscribed.May 22 2016, 3:07 PM
Sjoerddebruin subscribed.Jun 28 2016, 12:19 PM
Jdforrester-WMF triaged this task as Low priority.Jul 20 2016, 9:09 PM
Jdforrester-WMF moved this task from Untriaged to Desired epics on the Multimedia board.
Srittau subscribed.Mar 19 2017, 6:27 PM
jhsoby subscribed.May 5 2017, 6:59 PM
AntiCompositeNumber subscribed.Jul 27 2017, 12:49 PM
AfroThundr3007730 subscribed.Jun 9 2019, 8:16 AM
SilverbackNet subscribed.Sep 19 2020, 11:35 PM
Izno subscribed.Nov 26 2020, 3:09 AM
JoKalliauer subscribed.May 5 2021, 1:47 PM
Locke_Cole subscribed.Aug 1 2022, 7:52 AM
JoKalliauer added a subscriber: Jonathanischoice.Nov 30 2022, 10:43 PM
Aklapper added a parent task: T208578: SVG client side rendering for specific SVGs.Feb 9 2023, 9:59 AM
Vollbracht subscribed.Feb 9 2023, 1:44 PM
Glrx subscribed.Feb 10 2023, 6:08 PM
TheDJ added subtasks: T117618: Add restrictive CSP to upload.wikimedia.org, T239069: Give MW a .htaccess in the images directory to mirror Wikimedia's CSP settings.Mar 22 2024, 12:34 PM
TheDJ closed subtask T134455: Add experimental option for direct SVG output via srcset as Declined.Mar 22 2024, 12:37 PM
BCornwall changed the status of subtask T117618: Add restrictive CSP to upload.wikimedia.org from Open to In Progress.Aug 5 2024, 7:57 PM
Jdforrester-WMF closed subtask T239069: Give MW a .htaccess in the images directory to mirror Wikimedia's CSP settings as Resolved.Aug 7 2025, 6:56 AM
TheDJ changed the task status from Open to Stalled.Aug 7 2025, 8:21 AM
TheDJ subscribed.

This is currently stalled on WMF having reservations about adding CSP headers to file responses as they would add significantly to the byte count of traffic.. See T117618#10081491 and later.

Bawolff subscribed.Aug 10 2025, 5:19 AM

I don't really think CSP should stall this. CSP only affects direct views. If we're talking about rendering an SVG via an <img> tag, CSP doesn't change anything. Additionally, we already allow template styles to set an svg file as a background-image so setting via <img> wouldn't really be a change in security posture.

To be clear CSP is a very good idea to improve Wikimedia's security posture, but it would improve the status quo. It wouldn't affect <img> tags.

TheDJ reopened subtask T239069: Give MW a .htaccess in the images directory to mirror Wikimedia's CSP settings as Open.Aug 11 2025, 8:14 AM
A_smart_kitten closed subtask T239069: Give MW a .htaccess in the images directory to mirror Wikimedia's CSP settings as Resolved.Aug 13 2025, 2:26 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits