I'm trying to embed an SVG in a README.md file served from git.sr.ht.
Project link: https://git.sr.ht/~ghewgill/hour-of-power
The problem is the SVG file appears to be served with a
"Content-type: text/plain; charset=utf-8" header. This causes the
browser to fail to render the SVG as an image.
How can I cause the SVG file to be served with "image/svg+xml" type?
Or is there another better way I'm missing?
On Monday, May 11, 2020 10:49 AM, Greg Hewgill <greg@hewgill.com> wrote:
> I'm trying to embed an SVG in a README.md file served from git.sr.ht.> Project link: https://git.sr.ht/~ghewgill/hour-of-power>> The problem is the SVG file appears to be served with a> "Content-type: text/plain; charset=utf-8" header. This causes the> browser to fail to render the SVG as an image.>> How can I cause the SVG file to be served with "image/svg+xml" type?> Or is there another better way I'm missing?
I wonder whether this may be a security issue (users would be able to
potentially embed JavaScript in the SVG and steal cookies).
May 11, 2020 8:56 PM, "Simon Ser" <contact@emersion.fr> wrote:
> I wonder whether this may be a security issue (users would be able to> potentially embed JavaScript in the SVG and steal cookies).
That could be the reason. That would be unfortunate too, because SVG
is a nice way to include simple diagrams (I even tried inline SVG in
the Markdown, but that definitely did not work).
I've added a PNG version of the diagram for now so it works, but have
left the broken link to the SVG in there. I'm still hoping that there
is some way to make the SVG work.
On Mon May 11, 2020 at 4:56 AM PST, Simon Ser wrote:
> I wonder whether this may be a security issue (users would be able to> potentially embed JavaScript in the SVG and steal cookies).
This is indeed a concern. In theory it's not unfixable, but the overhead
of implementing SVG is higher than for any other image format.
May 12, 2020 1:13 AM, "Drew DeVault" <sir@cmpwn.com> wrote:
> This is indeed a concern. In theory it's not unfixable, but the overhead> of implementing SVG is higher than for any other image format.
Thanks. Whoever thought it was a good idea to ruin a perfectly good
image format with scripting.
I'll stick with the PNG image for now and hope nobody ruins that. :)