[webkit-reviews] review denied: [Bug 99677] When using SVG as an image, we should allow datauri images : [Attachment 236182] Patch

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Aug 7 05:59:12 PDT 2014 

Dirk Schulze <krit at webkit.org> has denied Allan Sandfeld Jensen
<allan.jensen at digia.com>'s request for review:
Bug 99677: When using SVG as an image, we should allow datauri images
https://bugs.webkit.org/show_bug.cgi?id=99677

Attachment 236182: Patch
https://bugs.webkit.org/attachment.cgi?id=236182&action=review

------- Additional Comments from Dirk Schulze <krit at webkit.org>
View in context: https://bugs.webkit.org/attachment.cgi?id=236182&action=review


> Source/WebCore/ChangeLog:7
> +	   in a SVG images was not loaded in most cases.

What does "most cases" mean? When did it work?

> Source/WebCore/ChangeLog:11
> +	   URLs since the dummy chrome and page of SVG images still do not
> +	   have a NetworkingContext.

I would like to have that phrased differently. Otherwise someone believes that
we will allow SVGImage to fetch further image resources... which we don't.

> Source/WebCore/svg/graphics/SVGImage.cpp:367
> +	   m_page->settings().setLoadsImagesAutomatically(true);

Hm, I would like to see a safety mechanism that ALWAYS disallows real image
fetches. We should never ever process URLs that are something different than
dataURLs. This would probably include a mechanism that actively avoids the
dataURL document (assuming it is an SVG image itself) to ever load further
resources. We might have that in the loader, but I am not sure. Could you check
if we have this in place? And if yes, if it is strong enough? Please add a
comment of your finding to the bug report.

I fear that some one "fixes" NetworkingContext "issue" and suddenly fetching of
further resources is possible. SVGImage must not fetch resources.

> LayoutTests/ChangeLog:17
> +	   * svg/in-html/resources/embedded.svg: Added.

I would like to see more tests

1) HTML document that loads an SVG image (like nested-data-url.html). The SVG
image's <image> element references a *red* PNG.
2) HTML document that loads an SVG image (like nested-data-url.html). The SVG
image's <image> element has a dataURL of an SVG image with a green square.
3) HTML document that loads an SVG image (like nested-data-url.html). The SVG
image's <image> element has a dataURL of an SVG image which itself contains an
<image> element that references a *red* PNG.

More information about the webkit-reviews mailing list