An SVG file is basically a chunk of text in XML format which describes an image. Here is a simple example of a 50x50 pixel green triangle:
<?xml version="1.0" standalone="no"?>
<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
    <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
</svg>
If you’re using a browser which supports SVG, i.e. pretty much any recent version of a modern browser other than IE, here is what the above XML looks like when the browser renders it:
Inside the above XML, you could use script tags in exactly the same way you would with HTML. E.g.:
Fortunately, it is not possible to display an SVG by using a simple HTML tag. You have to use an iframe, or the embed or object tags.
Don’t allow SVG
Allow SVG submissions but don’t display them, just allow them to be downloaded
Strip out dangerous stuff from the SVG before displaying. (Be careful to catch everything)
Convert to a different image format before displaying, e.g. PNG or JPEG.
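One way to approach the "strip out dangerous stuff" option, as an added example that is not from the original post: a Python sanitizer that keeps only allowlisted elements and attributes instead of trying to enumerate everything dangerous. The name sanitize_svg, the allowlists and the sample input are assumptions chosen for simple static shapes.

```python
import re
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
# Assumed allowlists for simple static shapes; extend deliberately, never by default.
ALLOWED_TAGS = {"svg", "g", "polygon", "polyline", "path", "rect", "circle", "ellipse", "line"}
ALLOWED_ATTRS = {"id", "version", "baseProfile", "width", "height", "viewBox",
                 "points", "d", "x", "y", "cx", "cy", "r", "rx", "ry",
                 "x1", "y1", "x2", "y2", "fill", "stroke", "stroke-width"}
# Values may hold numbers, names and hex colours only: no ':', '/', '(' or quotes,
# so URLs and url(...) references cannot survive in an allowed attribute.
SAFE_VALUE = re.compile(r"[\w\s#.,%+-]*")

def _clean(elem):
    for name, value in list(elem.attrib.items()):
        # Namespaced attributes parse as "{uri}local" and never match the allowlist.
        if name not in ALLOWED_ATTRS or not SAFE_VALUE.fullmatch(value):
            del elem.attrib[name]
    for child in list(elem):
        ns, _, local = child.tag.rpartition("}")
        if ns != "{" + SVG_NS or local not in ALLOWED_TAGS:
            elem.remove(child)  # drops the whole subtree (script, foreignObject, ...)
        else:
            _clean(child)

def sanitize_svg(text):
    """Return a re-serialised SVG containing only allowlisted elements and attributes."""
    if "<!DOCTYPE" in text or "<!ENTITY" in text:
        raise ValueError("DOCTYPE and entity declarations are rejected")
    root = ET.fromstring(text)  # comments and processing instructions are dropped
    if root.tag != "{%s}svg" % SVG_NS:
        raise ValueError("root element must be <svg> in the SVG namespace")
    _clean(root)
    ET.register_namespace("", SVG_NS)
    return ET.tostring(root, encoding="unicode")

# Constructed sample: the page's triangle plus active content a submitter might add.
SAMPLE = """<svg version="1.1" xmlns="http://www.w3.org/2000/svg" onload="alert(1)">
  <script>alert(1)</script>
  <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
</svg>"""

if __name__ == "__main__":
    print(sanitize_svg(SAMPLE))
```

Store and serve the sanitised output, never the bytes that were uploaded.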