[Clipart] SVG sanitization

Andrew Archibald andrew.archibald at sympatico.ca
Tue Mar 22 13:07:53 PST 2005


I now have a script that sanitizes SVG, removing script tags and attributes and 
reporting their presence.

It has a few limitations:
* Some broken SVG files cause it to barf; there are 32 such broken files in the 
0.11 release.
* It can't intelligently sanitize files containing Adobe- or Microsoft-specific 
SVG, of which there are 46 in the 0.11 release.
* Its interface is a little awkward (input on stdin, output on stdout, error on 
stderr, return value signals OK/not OK, one file at a time, no command-line 

It could be made to do more, including removing or flagging the presence of 
proprietary extensions, verifying that the license claims to be PD, checking 
for and rearranging metadata, or cleaning the kitchen sink, with sufficient 
programming effort. (The first two would not require much).

I think it is important to incorporate the script into the upload process; I 
think thumbnails should also be rendered on the server, using inkscape, as part 
of that process, as well as extracting and displaying metadata so that users 
can verify that the files look the way they're supposed to and are tagged 

I will also be trying to get another version of the script to be used on 
Wikipedia so that they can serve up SVG files.


More information about the clipart mailing list