Sanitize SVG following "Save"/Upload from draw.io?

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter mln83

    (@mln83)

    I checked with draw.io developers and they do not sanitize the SVG files. They have no plans to implement this feature, so it will be up to the end-user to sanitize the files.

    This could be a good feature to have in DrawIT. Perhaps pass it through SVG-Sanitizer (described above) before it will be saved on the server.

    Best regards,
    Michael

    Plugin Author assortedchips

    (@assortedchips)

    I’ve been crazy busy the past few months and will be for the next month or so. This is a good idea, I’ll look further into it probably in June. Thanks for the suggestion!

    Plugin Author assortedchips

    (@assortedchips)

    Just an update here – now that DrawIt is getting updated to allow less secure SVG submissions (more SVG features, but also more security holes), I’m seeing that this SVG sanitization is going to be more critical. This will definitely need to be implemented in the plugin next.

    Plugin Author assortedchips

    (@assortedchips)

    I have updated the plugin to suggest simultaneous installation of the Safe SVG plugin. It doesn’t make sense for the DrawIt plugin to otherwise try to integrate it manually and perpetually be out of date.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Sanitize SVG following "Save"/Upload from draw.io?’ is closed to new replies.