Late Night PC
Web development and tech consulting
Navigation
What links here
No backlinks found.
Syndicate
Podcast on Pre-empting the Abuse of SVG
Submitted by 
Rob on 4:20am, Monday, 2005-12-05
Rob on 4:20am, Monday, 2005-12-05
I start out talking about how SVG can one day be abused the way html is today. Abused in the sense that new technology is first adopted by people who want it to work, later it's used just as a means to an end. That end sometimes is achieved at the cost of loss of the intended use of a service. In short, new technology means new kinds of spam.
How do we allow user-created SVG to be published in communities like forums, wikis, blog comments and anwhere else - but without risking user security or letting in new kinds of junk? I end up with an idea for the Javascript problem that I called bbscript. (Why is it that podcasting makes me get ideas?) I bet that's already used.
The inspiration here was just the idea that we should be careful not to repeat all the problems built in to the Internet technology we're building on top of. Anyhow, have a listen and if you're inspired then go build something.
Links to stuff I mentioned:
- The top link on a Google search for VBS refers to a VBScript worm
- Jeff's Crap Wave
- BBCode
Nice. Though I don't see a reason why some "bbscript" this would have to be its own "block" or namespace outside of SVG. The SVG spec says that the script type must be a valid "media" type (i.e. MIME) so the following could be valid SVG if the type was registered:
<svg ... >
<script type="application/bbscript">
textEle = getSVGElement("someTextElement");
BBSetup_FlowMarquee(textEle);
BBSetup_BlinkText(textEle);
</script >
...
</svg>
This would get parsed serverside and replaced with some sanitized JavaScript that is "well-behaved".
[...] Messing around with the facts and operators files was pretty easy, I added an operator for the monkey to get back down off the box and changed the goals around. I didn’t get the animation of the graph creation to work yet, but I’m going to have a look at the source code for that. Of course since it’s a visualization task I’m going to look at how hard it would be to build SVG output, but that’s tangential to my main goals today. [...]