
Introduce an SVG Sanitizer
Open, Needs Triage, Public

Description

Similar to the existing CSS Sanitizer, a whitelist-based sanitizer will ensure the SVG cannot be used for anything dangerous.

This task is directly influenced by T334940: All Graphs broken on Wikimedia wikis (due to security issue T336556) (although I am not able to see the restricted subtask).

See also: T96461: Systematic sanitization for SVGs and HTML, T86874: Make SVG sanitization into a library (the current sanitizer is not considered safe enough for SVG to be directly embedded client-side)
See also parent tasks