After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 686346 - [patch] Finish the implementation of "load policies"
[patch] Finish the implementation of "load policies"
Status: RESOLVED OBSOLETE
Product: librsvg
Classification: Core
Component: general
git master
Other Linux
: Normal enhancement
: ---
Assigned To: librsvg maintainers
librsvg maintainers
Depends on:
Blocks:
 
 
Reported: 2012-10-18 01:49 UTC by Tim Starling
Modified: 2017-12-13 17:55 UTC
See Also:
GNOME target: ---
GNOME version: ---

Attachments
The patch (12.66 KB, patch)
2012-10-18 01:49 UTC, Tim Starling 		none Details | Review
Patch v2 (12.67 KB, patch)
2012-10-18 09:50 UTC, Tim Starling 		none Details | Review

Description Tim Starling 2012-10-18 01:49:19 UTC 
Created attachment 226707 [details] [review]
The patch

In January, I discussed with Christian the idea of a --no-external-files flag to rsvg-convert to support the processing of untrusted files, for example on web servers. I promised to submit a patch, but never did. A week after our conversation, Christian committed some initial work on the concept, in a2e869cb700c13804056820fd4afa215e551b9c5 . 

The attached patch aims to complete that work, following on from Christian's start. I added --no-external-files and --load-policy=<policy> command-line options to rsvg-convert, and introduced two additional load policies in addition to the "all permissive" one that Christian introduced.

The patch is generated by git format-patch, for use with git am.
Comment 1 Tim Starling 2012-10-18 09:50:03 UTC 
Created attachment 226720 [details] [review]
Patch v2

Fixed uninitialised automatic variable no_external_files, discovered during testing.
Comment 2 Behdad Esfahbod 2014-12-06 22:51:02 UTC 
I like to see the SVG integration spec implemented instead:

  https://svgwg.org/specs/integration/
Comment 3 André Klapper 2015-03-13 15:32:11 UTC 
Tim: Any plans / capacity to rework the patch to implement the SVG integration spec instead?
Comment 4 Tim Starling 2015-03-17 01:22:04 UTC 
No.
Comment 5 GNOME Infrastructure Team 2017-12-13 17:55:59 UTC 
-- GitLab Migration Automatic Message --

This bug has been migrated to GNOME's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.gnome.org/GNOME/librsvg/issues/67.