ubuntu-appstore-developers team mailing list archive
Message #00822
Re: Minimizing icon and screenshot transfer size
On Tue, 2014-04-22 at 13:31 -0400, Rodney Dawes wrote:
> On Tue, 2014-04-22 at 17:59 +0200, Jonas Drange wrote:
> > On Tue, Apr 22, 2014 at 5:43 PM, Rodney Dawes
> > <rodney.dawes@xxxxxxxxxxxxx> wrote:
> > My suggestion wasn't to replace all the PNGs with SVGs. In some cases
> > that's just not feasible, because the images were drawn with raster
> > editors anyway. But making SVG an option on upload, will let people who
> > want to use it, use it, and can certainly help reduce file size for
> > transferring the icon. I'd certainly want to be able to use it for any
> > apps I were to make.
> >
> >
> > Aren't user uploaded SVGs a potential security risk? Is it possible to
> > completely sanitize an SVG document?
>
> How so? Sure it's possible to sanitize it. But I don't see how it's any
> more of a security risk than someone uploading a PNG or JPEG that
> exploits a problem in libpng or libjpeg.
Because of embedded JavaScript. Mostly if you ignore the script tag (or
don't implement it) you're in good shape. But the JS could be rendering
the graphic in some cases. (i.e. an icon that changed with the phase of
the moon).
http://commons.wikimedia.org/wiki/Help:SVG
For the most part as long as we render to a bitmap with a confined
converter things work well, or run through a sanitizer in the same
conditions.
Ted
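
An added example, not part of the original message or of any store code: a minimal allow-list sanitizer for an uploaded SVG icon, covering the script tag, event handlers and external references discussed above. The function name, the allow list and the sample upload are assumptions made for illustration; rendering to a bitmap in a confined converter is not shown.

```python
import re
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
# Assumed allow list: static drawing elements only; anything else is dropped.
ALLOWED = {"{%s}%s" % (SVG_NS, n) for n in (
    "svg", "g", "defs", "title", "desc", "path", "rect", "circle", "ellipse",
    "line", "polyline", "polygon", "linearGradient", "radialGradient",
    "stop", "clipPath", "use")}

def local(name):
    """Strip the '{namespace}' prefix ElementTree puts on names."""
    return name.rsplit("}", 1)[-1]

def sanitize_svg(data: bytes) -> bytes:
    # Refuse DTDs (entity tricks) and NUL bytes (UTF-16 would hide a DTD).
    if b"\x00" in data or re.search(rb"<!(DOCTYPE|ENTITY)", data, re.I):
        raise ValueError("DTD or NUL bytes not allowed in uploaded SVG")
    root = ET.fromstring(data)
    if root.tag not in ALLOWED or local(root.tag) != "svg":
        raise ValueError("root element is not <svg>")
    for parent in list(root.iter()):
        for child in list(parent):
            if child.tag not in ALLOWED:      # script, foreignObject, a, ...
                parent.remove(child)          # removes the whole subtree
    for el in root.iter():
        for attr in list(el.attrib):
            name, value = local(attr).lower(), el.attrib[attr].strip()
            if (name.startswith("on")         # event handlers such as onload
                    or name == "style"        # inline CSS
                    or (name == "href" and not value.startswith("#"))
                    # url(...) that is not a same-document '#id' reference
                    or re.search(r"url\(\s*(?!['\"]?#)", value, re.I)):
                del el.attrib[attr]
    ET.register_namespace("", SVG_NS)
    ET.register_namespace("xlink", "http://www.w3.org/1999/xlink")
    return ET.tostring(root)

# Constructed sample upload, not taken from the thread.
SAMPLE = b"""<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" onload="tick()">
  <script>function tick(){}</script>
  <defs><linearGradient id="g"><stop offset="0"/></linearGradient></defs>
  <use xlink:href="https://example.invalid/i.svg#x"/>
  <use xlink:href="#g"/>
  <path d="M0 0h8v8z" fill="url(#g)" style="fill:red"/>
</svg>"""

if __name__ == "__main__":
    print(sanitize_svg(SAMPLE).decode())
```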