Page MenuHomePhabricator
Create Task
Maniphest T407783

Allow Lua to generate interactive SVGs (<svg> instead of <img>)
Open, Needs TriagePublicFeature
Actions

Description

Scribunto recently added support for Lua to generate SVGs rendered as <img> in T405861. This renders SVGs in secure animated mode which allows declarative animations but not interactions. There are some use cases where interactivity would be helpful to illustrate article content.

This can be done by emitting <svg> elements to html, after passing them through a sanitizer to strip elements and attributes that could trigger external resource loads or script execution (T334953). The interface for this in Scribunto could be a new :toTag() method in mw.svg.

Previously discussed within T334372.

FeatureUnsanitized, as <img> (Supported)Sanitized, as <svg> (Proposed)
Declarative animationsYesYes
InteractivityNo, blocked by browserYes
Script executionNo, blocked by browserNo, blocked by MediaWiki
External referencesNo, blocked by browserNo, blocked by MediaWiki

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Sanitize SVGs and allow embedding as <svg> tags in HTMLmediawiki/extensions/Scribuntomaster+1 K -1
Support advanced elements and attributes in SVG sanitizermediawiki/extensions/Scribuntomaster+1 K -531
Customize query in gerrit

Related Objects
Search...

Event Timeline

SD0001 created this task.Oct 20 2025, 6:22 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 20 2025, 6:22 PM
SD0001 added a subtask: T334953: Introduce an SVG Sanitizer.Oct 20 2025, 6:22 PM
Nemoralis awarded a token.Oct 20 2025, 6:32 PM
IKhitron subscribed.Oct 20 2025, 6:37 PM
Rasputin1493 subscribed.Oct 20 2025, 7:38 PM
Bugreporter mentioned this in T66460: Dynamically generate files with Scribunto.Oct 21 2025, 5:31 AM
SD0001 mentioned this in T405861: Add support for generating non-interactive SVG images via Scribunto.Oct 27 2025, 7:02 AM
Nux subscribed.Oct 27 2025, 8:43 AM
SD0001 mentioned this in T409055: Add local wikilink attribute to SVG elements.Nov 3 2025, 11:24 AM
SD0001 merged a task: T409055: Add local wikilink attribute to SVG elements.
SD0001 added subscribers: Bawolff, Izno, Nardog and 2 others.
gerritbot added a comment.Nov 11 2025, 5:39 PM

Change #1203874 had a related patch set uploaded (by SD0001; author: SD0001):

[mediawiki/extensions/Scribunto@master] Sanitize SVGs and allow embedding as <svg> tags in HTML

https://gerrit.wikimedia.org/r/1203874

gerritbot added a project: Patch-For-Review.Nov 11 2025, 5:39 PM
Ahecht added a parent task: T5593: [Epic] SVG client side rendering.Nov 11 2025, 8:35 PM
Alex44019 subscribed.Nov 12 2025, 1:18 AM
gerritbot added a comment.Thu, Nov 20, 7:19 PM

Change #1203875 had a related patch set uploaded (by SD0001; author: SD0001):

[mediawiki/extensions/Scribunto@master] Support advanced elements and attributes in SVG sanitizer

https://gerrit.wikimedia.org/r/1203875

SomeRandomDeveloper subscribed.Tue, Nov 25, 12:23 PM
SD0001 mentioned this in T208578: SVG client side rendering for specific SVGs.Wed, Nov 26, 6:55 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits