Communities

Writing
Writing
Codidact Meta
Codidact Meta
The Great Outdoors
The Great Outdoors
Photography & Video
Photography & Video
Scientific Speculation
Scientific Speculation
Cooking
Cooking
Electrical Engineering
Electrical Engineering
Judaism
Judaism
Languages & Linguistics
Languages & Linguistics
Software Development
Software Development
Mathematics
Mathematics
Christianity
Christianity
Code Golf
Code Golf
Music
Music
Physics
Physics
Linux Systems
Linux Systems
Power Users
Power Users
Tabletop RPGs
Tabletop RPGs
Community Proposals
Community Proposals
tag:snake search within a tag
answers:0 unanswered questions
user:xxxx search by author id
score:0.5 posts with 0.5+ score
"snake oil" exact phrase
votes:4 posts with 4+ votes
created:<1w created < 1 week ago
post_type:xxxx type of post
Search help
Notifications
Mark all as read See all your notifications »
Q&A

Welcome to Codidact Meta!

Codidact Meta is the meta-discussion site for the Codidact community network and the Codidact software. Whether you have bug reports or feature requests, support questions or rule discussions that touch the whole network – this is the site for you.

Post History

50%
+0 −0
Q&A Should inline SVG or SVG uploads be supported in posts?

Codidact posts support a safe subset of HTML. Currently the <svg> tag is not supported. SVG images can still be safely included using the <img> tag[1] (or a Markdown image link, which i...

0 answers  ·  posted 6mo ago by trichoplax‭  ·  last activity 6mo ago by Mithical‭

#2: Post edited by user avatar trichoplax‭ · 2024-06-30T18:23:17Z (6 months ago)
Mention that Markdown image links also work
  • Codidact posts support a safe subset of HTML. Currently the `<svg>` tag is not supported. SVG images can still be safely included using the `<img>` tag[^1], which suppresses their potentially dangerous aspects such as embedded scripts. However, this requires the post author to find a way to host the SVG file somewhere online, unlike other image files which are hosted by Codidact through the image upload button at the top of the post editing page.
  • ## Allowing inline SVG
  • Would allowing inline SVG introduce additional risks? Would this be mitigated by not supporting the tags that are potentially dangerous? For example, the `<script>` tag is already not supported. What other tags or attributes would need to be blocked? If they are all already blocked, does this mean that inline SVG could be supported safely?
  • ## Allowing SVG files in the image uploader
  • Currently the image uploader supports PNG, JPEG, and GIF files. In the saved post, these images are contained within an `<img>` tag. If SVG files were supported in the image uploader, resulting in them being contained within an `<img>` tag, would this be just as safe as the currently possible approach of manually including an `<img>` tag?
  • ## File size
  • If one or both of these approaches could be supported, one advantage would be that file sizes could be reduced. For simple diagrams (as might be useful in an explanation), vector images can have significantly smaller file sizes than raster (pixel) images.
  • Currently, if I want to include an SVG file without hosting it somewhere else, I first need to convert it to a larger PNG file, taking up more storage space for Codidact servers.
  • [^1]: [Can I use SVG in posts?](https://meta.codidact.com/posts/291885)
  • Codidact posts support a safe subset of HTML. Currently the `<svg>` tag is not supported. SVG images can still be safely included using the `<img>` tag[^1] (or a Markdown image link, which is converted to an `<img>` tag behind the scenes), which suppresses their potentially dangerous aspects such as embedded scripts. However, this requires the post author to find a way to host the SVG file somewhere online, unlike other image files which are hosted by Codidact through the image upload button at the top of the post editing page.
  • ## Allowing inline SVG
  • Would allowing inline SVG introduce additional risks? Would this be mitigated by not supporting the tags that are potentially dangerous? For example, the `<script>` tag is already not supported. What other tags or attributes would need to be blocked? If they are all already blocked, does this mean that inline SVG could be supported safely?
  • ## Allowing SVG files in the image uploader
  • Currently the image uploader supports PNG, JPEG, and GIF files. In the saved post, these images are contained within an `<img>` tag. If SVG files were supported in the image uploader, resulting in them being contained within an `<img>` tag, would this be just as safe as the currently possible approach of manually including an `<img>` tag?
  • ## File size
  • If one or both of these approaches could be supported, one advantage would be that file sizes could be reduced. For simple diagrams (as might be useful in an explanation), vector images can have significantly smaller file sizes than raster (pixel) images.
  • Currently, if I want to include an SVG file without hosting it somewhere else, I first need to convert it to a larger PNG file, taking up more storage space for Codidact servers.
  • [^1]: [Can I use SVG in posts?](https://meta.codidact.com/posts/291885)
#1: Initial revision by user avatar trichoplax‭ · 2024-06-30T00:43:18Z (6 months ago)
Should inline SVG or SVG uploads be supported in posts?
Codidact posts support a safe subset of HTML. Currently the `<svg>` tag is not supported. SVG images can still be safely included using the `<img>` tag[^1], which suppresses their potentially dangerous aspects such as embedded scripts. However, this requires the post author to find a way to host the SVG file somewhere online, unlike other image files which are hosted by Codidact through the image upload button at the top of the post editing page.

## Allowing inline SVG
Would allowing inline SVG introduce additional risks? Would this be mitigated by not supporting the tags that are potentially dangerous? For example, the `<script>` tag is already not supported. What other tags or attributes would need to be blocked? If they are all already blocked, does this mean that inline SVG could be supported safely?

## Allowing SVG files in the image uploader
Currently the image uploader supports PNG, JPEG, and GIF files. In the saved post, these images are contained within an `<img>` tag. If SVG files were supported in the image uploader, resulting in them being contained within an `<img>` tag, would this be just as safe as the currently possible approach of manually including an `<img>` tag?

## File size
If one or both of these approaches could be supported, one advantage would be that file sizes could be reduced. For simple diagrams (as might be useful in an explanation), vector images can have significantly smaller file sizes than raster (pixel) images.

Currently, if I want to include an SVG file without hosting it somewhere else, I first need to convert it to a larger PNG file, taking up more storage space for Codidact servers.



[^1]: [Can I use SVG in posts?](https://meta.codidact.com/posts/291885)