hello d-gis/Bas, there is a security vulnerability in svgSalamander: https://github.com/blackears/svgSalamander/issues/11
The problem occurs when including raster/svg images via <image>. The reporter says "How to fix - any schemes apart from data in the xlink:href attribute should be disallowed" --> I am not aware of svgSalamander properties (the only other toggle I can think of is java system properties), so can we _disable_ other schemes? I don't think that breaks SVG renderding in Freeplane, how about josm / other applications? http://stackoverflow.com/questions/6249664/does-svg-support-embedding-of-bitmap-images --> data: schema seems provides a way for including base64 encoded raster/svg images inline in an SVG. --> Can we discuss how to fix this? Or shall we wait until Mark (the upstream author) fixes this (might take a month)? Or at least ping him for a solution? Cheers and Best Regards, -- Felix Natter
