MIME Type Review Request: image/svg+xml
Chris Lilley
chris at w3.org
Tue Nov 2 17:22:28 CET 2004
Please review the Media Type registration template described below. It
is available in HTML [1] or in plain text form [2] and relates to the
SVG specification [3]. Registration of this Media Type in the standards
tree is requested, in conformance with [4] and [5].
[1] http://www.w3.org/TR/SVG12/mimereg.html
[2] http://www.w3.org/TR/SVG12/mimereg.html,text
[3] http://www.w3.org/TR/SVG12/
[4] http://www.ietf.org/internet-drafts/draft-freed-media-type-reg-01.txt
[5] http://www.w3.org/2002/06/registering-mediatype
Registration of Media Type image/svg+xml
MIME media type name:
image
MIME subtype name:
svg+xml
Required parameters:
None.
Optional parameters:
None
The encoding of an SVG document is determined by the XML
encoding declaration. This has identical semantics to the
application/xml media type in the case where the charset
parameter is omitted, as specified in [6]RFC3023 sections 8.9,
8.10 and 8.11.
[6] http://www.w3.org/TR/SVG12/references
Encoding considerations:
Same as for application/xml. See [7]RFC3023 , section 3.2.
[7] http://www.w3.org/TR/SVG12/references
Restrictions on usage:
None
Security considerations:
As with other XML types and as noted in [8]RFC3023 section 10,
repeated expansion of maliciously constructed XML entities can
be used to consume large amounts of memory, which may cause XML
processors in constrained environments to fail.
[8] http://www.w3.org/TR/SVG12/references
SVG documents may be transmitted in compressed form using gzip
compression. For systems which employ MIME-like mechanisms,
such as HTTP, this is indicated by the
Content-Transfer-Encoding header; for systems which do not,
such as direct filesystem access, this is indicated by the
filename extension and by the Macintosh File Type Codes. In
addition, gzip compressed content is readily recognised by the
initial byte sequence as described in [9]RFC1952 section 2.3.1.
[9] http://www.w3.org/TR/SVG12/references
Several SVG elements may cause arbitrary URIs to be referenced.
In this case, the security issues of [10]RFC2396, section 7,
should be considered.
[10] http://www.w3.org/TR/SVG12/references
In common with HTML, SVG documents may reference external media
such as images, audio, video, style sheets, and scripting
languages. Scripting languages are executable content. In this
case, the security considerations in the Media Type
registrations for those formats apply.
In addition, because of the extensibility features for SVG and
of XML in general, it is possible that "image/svg+xml" may
describe content that has security implications beyond those
described here. However, if the processor follows only the
normative semantics of this specification, this content will be
outside the SVG namespace and will be ignored. Only in the case
where the processor recognizes and processes the additional
content, or where further processing of that content is
dispatched to other processors, would security issues
potentially arise. And in that case, they would fall outside
the domain of this registration document.
Interoperability considerations:
This specification describes processing semantics that dictate
behavior that must be followed when dealing with, among other
things, unrecognized elements and attributes, both in the SVG
namespace and in other namespaces.
Because SVG is extensible, conformant "image/svg+xml"
processors must expect that content received is well-formed
XML, but it cannot be guaranteed that the content is valid to a
particular DTD or Schema or that the processor will recognize
all of the elements and attributes in the document.
SVG has a published Test Suite and associated implementation
report showing which implementations passed which tests at the
time of the report. This information is periodically updated as
new tests are added or as implementations improve.
Published specification:
This media type registration is extracted from Appendix G of
the SVG 1.2 specification.
Additional information:
Person & email address to contact for further information:
Dean Jackson, (dean at w3.org).
Intended usage:
COMMON
Author/Change controller:
The SVG specification is a work product of the World Wide Web
Consortium's SVG Working Group. The W3C has change control over
these specifications.
--
Chris Lilley mailto:chris at w3.org
Chair, W3C SVG Working Group
Member, W3C Technical Architecture Group
More information about the Ietf-types
mailing list