We should support SVG. In particular:
We could support rendering SVGs to PNGs when compiling the wiki. Not all browsers support SVG yet.
We could support editing SVGs via the web interface. SVG can contain unsafe content such as scripting, so we would need to whitelist safe markup.
I'm allowing for inline SVG on my own installation. I've patched my
copy of htmlscrubber.pm to allow safe MathML and SVG elements (as
implemented in html5lib).
Here's a patch
if anyone else is interested.
I'd like to hear what people think about the following:
Including whitelists of elements and attributes for SVG and MathML in htmlscrubber.
Creating a whitelist of safe SVG (and maybe even HTML) style attributes such as
This is how the sanitizer in html5lib works. It shouldn't be too hard to translate the relevant parts to Perl.
--JasonBlevins, March 21, 2008 11:39 EDT
Another problem is that HTML::Scrubber converts all tags to lowercase. Some SVG elements, such as viewBox, are mixed case. It seems that properly handling SVG might require moving to a different sanitizer. It seems that HTML::Sanitizer has functions for sanitizing XHTML. Any thoughts? --JasonBlevins, March 21, 2008 13:54 EDT
I figured out a quick hack to make HTML::Scrubber case-sensitive by making the underlying HTML::Parser case-sensitive:
So now I've got a version of htmlscrubber.pm (diff) which allows safe SVG and MathML elements and attributes (but no styles—do we need them?). I'd be thrilled to see this in the trunk if other people think it's useful. --JasonBlevins, March 24, 2008 14:56 EDT
Unfortuantly these links are broken. --Joey
Actually, there's a way to embed SVG into MarkDown sources using the data: URI scheme, like this. Of course, this way to display an image one needs to click a link, but it may be considered a feature. — Ivan Shmakov, 2010-03-12Z.
You can do the same with img src actually.