Darin Adler darin at apple.com
Fri Dec 4 09:41:45 PST 2009

On Dec 1, 2009, at 6:07 PM, Nikolas Zimmermann wrote:

> I'd like to enable SVG Filters support by default. This is the last remaining piece before we can officially claim SVG 1.0/1.1 support, in our SVG DOM implementation (through SVG requiredFeatures/requiredExtensions functionality).
> Dirk has done an amazing job, providing most of our new cross-platform filter support. In previous discussions, security concerns have been raised, as the code is doing pixel-manipulations, with web content as input, so it's a place that needs special attention. Oliver specifically asked for a person not involved in reviewing the patches, but a 3rd party to check the code for potential problems.
> What do you think about this approach? Would anyone volunteer, for having a look over the existing filters code in trunk?
> Does anyone see other problems with turning on filters?

If this is in good shape, I’d love to see this turned on in nightly builds, especially if we have lots of good regression tests for it. It’s good to have the code tested and lived on for a while.

I think it would be great for us to figure out what type of testing and reviewing we need to do to be confident enough of the security of the code to turn it on for releases such as the WebKit that comes with a future version of Safari.

At a high level it sounds great for someone to check this for security problems, but it’s not obvious to me that someone will be available and have the skills to do it.

What kinds of tests do we have for the code already? Do we have code that tries to exercise edge cases? Do we have a fuzzer of some sort?

    -- Darin

