Welcome to Codidact Meta!
Codidact Meta is the meta-discussion site for the Codidact community network and the Codidact software. Whether you have bug reports or feature requests, support questions or rule discussions that touch the whole network – this is the site for you.
Post History
Codidact posts support a safe subset of HTML. Currently the <svg> tag is not supported. SVG images can still be safely included using the <img> tag[1] (or a Markdown image link, which i...
#2: Post edited
Codidact posts support a safe subset of HTML. Currently the `<svg>` tag is not supported. SVG images can still be safely included using the `<img>` tag[^1], which suppresses their potentially dangerous aspects such as embedded scripts. However, this requires the post author to find a way to host the SVG file somewhere online, unlike other image files which are hosted by Codidact through the image upload button at the top of the post editing page.- ## Allowing inline SVG
- Would allowing inline SVG introduce additional risks? Would this be mitigated by not supporting the tags that are potentially dangerous? For example, the `<script>` tag is already not supported. What other tags or attributes would need to be blocked? If they are all already blocked, does this mean that inline SVG could be supported safely?
- ## Allowing SVG files in the image uploader
- Currently the image uploader supports PNG, JPEG, and GIF files. In the saved post, these images are contained within an `<img>` tag. If SVG files were supported in the image uploader, resulting in them being contained within an `<img>` tag, would this be just as safe as the currently possible approach of manually including an `<img>` tag?
- ## File size
- If one or both of these approaches could be supported, one advantage would be that file sizes could be reduced. For simple diagrams (as might be useful in an explanation), vector images can have significantly smaller file sizes than raster (pixel) images.
- Currently, if I want to include an SVG file without hosting it somewhere else, I first need to convert it to a larger PNG file, taking up more storage space for Codidact servers.
- [^1]: [Can I use SVG in posts?](https://meta.codidact.com/posts/291885)
- Codidact posts support a safe subset of HTML. Currently the `<svg>` tag is not supported. SVG images can still be safely included using the `<img>` tag[^1] (or a Markdown image link, which is converted to an `<img>` tag behind the scenes), which suppresses their potentially dangerous aspects such as embedded scripts. However, this requires the post author to find a way to host the SVG file somewhere online, unlike other image files which are hosted by Codidact through the image upload button at the top of the post editing page.
- ## Allowing inline SVG
- Would allowing inline SVG introduce additional risks? Would this be mitigated by not supporting the tags that are potentially dangerous? For example, the `<script>` tag is already not supported. What other tags or attributes would need to be blocked? If they are all already blocked, does this mean that inline SVG could be supported safely?
- ## Allowing SVG files in the image uploader
- Currently the image uploader supports PNG, JPEG, and GIF files. In the saved post, these images are contained within an `<img>` tag. If SVG files were supported in the image uploader, resulting in them being contained within an `<img>` tag, would this be just as safe as the currently possible approach of manually including an `<img>` tag?
- ## File size
- If one or both of these approaches could be supported, one advantage would be that file sizes could be reduced. For simple diagrams (as might be useful in an explanation), vector images can have significantly smaller file sizes than raster (pixel) images.
- Currently, if I want to include an SVG file without hosting it somewhere else, I first need to convert it to a larger PNG file, taking up more storage space for Codidact servers.
- [^1]: [Can I use SVG in posts?](https://meta.codidact.com/posts/291885)
#1: Initial revision
Should inline SVG or SVG uploads be supported in posts?
Codidact posts support a safe subset of HTML. Currently the `<svg>` tag is not supported. SVG images can still be safely included using the `<img>` tag[^1], which suppresses their potentially dangerous aspects such as embedded scripts. However, this requires the post author to find a way to host the SVG file somewhere online, unlike other image files which are hosted by Codidact through the image upload button at the top of the post editing page. ## Allowing inline SVG Would allowing inline SVG introduce additional risks? Would this be mitigated by not supporting the tags that are potentially dangerous? For example, the `<script>` tag is already not supported. What other tags or attributes would need to be blocked? If they are all already blocked, does this mean that inline SVG could be supported safely? ## Allowing SVG files in the image uploader Currently the image uploader supports PNG, JPEG, and GIF files. In the saved post, these images are contained within an `<img>` tag. If SVG files were supported in the image uploader, resulting in them being contained within an `<img>` tag, would this be just as safe as the currently possible approach of manually including an `<img>` tag? ## File size If one or both of these approaches could be supported, one advantage would be that file sizes could be reduced. For simple diagrams (as might be useful in an explanation), vector images can have significantly smaller file sizes than raster (pixel) images. Currently, if I want to include an SVG file without hosting it somewhere else, I first need to convert it to a larger PNG file, taking up more storage space for Codidact servers. [^1]: [Can I use SVG in posts?](https://meta.codidact.com/posts/291885)