[Clipart] SVG sanitization

[Jon Phillips]

On Tue, 2005-03-22 at 16:07 -0500, Andrew Archibald wrote:
> Hi,
> 
> I now have a script that sanitizes SVG, removing script tags and attributes and 
> reporting their presence.
> 
> It has a few limitations:
> * Some broken SVG files cause it to barf; there are 32 such broken files in the 
> 0.11 release.
> * It can't intelligently sanitize files containing Adobe- or Microsoft-specific 
> SVG, of which there are 46 in the 0.11 release.
> * Its interface is a little awkward (input on stdin, output on stdout, error on 
> stderr, return value signals OK/not OK, one file at a time, no command-line 
> options).

Well, what is the golden rule of command line scripts: do one thing
well.

We can loop through and so forth to handle more files.

> It could be made to do more, including removing or flagging the presence of 
> proprietary extensions, verifying that the license claims to be PD, checking 
> for and rearranging metadata, or cleaning the kitchen sink, with sufficient 
> programming effort. (The first two would not require much).

Well, you are welcome to have us host this tool where we are keeping
tools currently. Do you have CVS access and an FDO login? If you would
like, just give me your desired username/password and then your SSH Key
and I will get for you from FD.o sitewranglers.

Then, you can put your tool into the CVS module: clipart_web under the
tools folder. This is the temp. home to our tools until that gets too
large.

> I think it is important to incorporate the script into the upload process; I 
> think thumbnails should also be rendered on the server, using inkscape, as part 
> of that process, as well as extracting and displaying metadata so that users 
> can verify that the files look the way they're supposed to and are tagged 
> appropriately.

Well, why don't you work with Jonadab to test it out and see how it will
help the process for this release. Does this sound good? It will give
you nice testing for it and help the process as well.

> I will also be trying to get another version of the script to be used on 
> Wikipedia so that they can serve up SVG files.

That sounds good. It would be great to have your tool with us so that it
can be crossbranded with wikipedia to help give our project exposure ;)

Jon



> _______________________________________________
> clipart mailing list
> clipart at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/clipart
> 
-- 
Jon Phillips

USA PH 510.499.0894
jon at rejon.org
http://www.rejon.org

Inkscape (http://inkscape.org)
Open Clip Art Library (www.openclipart.org)
CVS Book (http://cvsbook.ucsd.edu)
Scale Journal (http://scale.ucsd.edu)