From T138665: Support SVG interactivity and animation in media-viewer.
Have thrown together https://www.mediawiki.org/wiki/Help:Security/SVG_files to serve the same role as https://www.mediawiki.org/wiki/Help:Security/PDF_files.
From T138665: Support SVG interactivity and animation in media-viewer.
Have thrown together https://www.mediawiki.org/wiki/Help:Security/SVG_files to serve the same role as https://www.mediawiki.org/wiki/Help:Security/PDF_files.
I'm not sure about this. I think this might cause unnecessary fear relative to the risk factor for an SVG (Particularly once CSP is implemented).
Unlike PDFs, we do try to detect malicious files (albeit, not perfectly), and the type of exploits that malicious pdfs have done are quite a bit worse then what someone can do with a malicious svg in a browser. (barring browser bugs)
Yeah… if we want this, I think we should implement both whitelisting for SVGs (for files that are definitely perfectly safe) and blacklisting (for files that are definitely not safe), and allow files in the grey area in the middle with this warning.
In SVG MediaWiki blocks some content on upload, however it is not retroactively applied to uploaded files. I think this should be fixed, by a Bot, see T281506 (Sorry I reported a security-task which is imho an overkill.)