[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

MIME Type Review Request: image/svg+xml




Please review the Media Type registration template described below. It
is available in HTML [1] or in plain text form [2] and relates to the
SVG specification [3]. Registration of this Media Type in the standards
tree is requested, in conformance with [4] and [5].
   
      [1] http://www.w3.org/TR/SVG12/mimereg.html
      [2] http://www.w3.org/TR/SVG12/mimereg.html,text
      [3] http://www.w3.org/TR/SVG12/
      [4] http://www.ietf.org/internet-drafts/draft-freed-media-type-reg-01.txt
      [5] http://www.w3.org/2002/06/registering-mediatype


Registration of Media Type image/svg+xml

   MIME media type name:
          image

   MIME subtype name:
          svg+xml

   Required parameters:
          None.

   Optional parameters:
          None

          The encoding of an SVG document is determined by the XML
          encoding declaration. This has identical semantics to the
          application/xml media type in the case where the charset
          parameter is omitted, as specified in [6]RFC3023 sections 8.9,
          8.10 and 8.11.

      [6] http://www.w3.org/TR/SVG12/references

   Encoding considerations:
          Same as for application/xml. See [7]RFC3023 , section 3.2.

      [7] http://www.w3.org/TR/SVG12/references

   Restrictions on usage:
          None

   Security considerations:
          As with other XML types and as noted in [8]RFC3023 section 10,
          repeated expansion of maliciously constructed XML entities can
          be used to consume large amounts of memory, which may cause XML
          processors in constrained environments to fail.

      [8] http://www.w3.org/TR/SVG12/references

          SVG documents may be transmitted in compressed form using gzip
          compression. For systems which employ MIME-like mechanisms,
          such as HTTP, this is indicated by the
          Content-Transfer-Encoding header; for systems which do not,
          such as direct filesystem access, this is indicated by the
          filename extension and by the Macintosh File Type Codes. In
          addition, gzip compressed content is readily recognised by the
          initial byte sequence as described in [9]RFC1952 section 2.3.1.

      [9] http://www.w3.org/TR/SVG12/references

          Several SVG elements may cause arbitrary URIs to be referenced.
          In this case, the security issues of [10]RFC2396, section 7,
          should be considered.

     [10] http://www.w3.org/TR/SVG12/references

          In common with HTML, SVG documents may reference external media
          such as images, audio, video, style sheets, and scripting
          languages. Scripting languages are executable content. In this
          case, the security considerations in the Media Type
          registrations for those formats apply.

          In addition, because of the extensibility features for SVG and
          of XML in general, it is possible that "image/svg+xml" may
          describe content that has security implications beyond those
          described here. However, if the processor follows only the
          normative semantics of this specification, this content will be
          outside the SVG namespace and will be ignored. Only in the case
          where the processor recognizes and processes the additional
          content, or where further processing of that content is
          dispatched to other processors, would security issues
          potentially arise. And in that case, they would fall outside
          the domain of this registration document.

   Interoperability considerations:
          This specification describes processing semantics that dictate
          behavior that must be followed when dealing with, among other
          things, unrecognized elements and attributes, both in the SVG
          namespace and in other namespaces.

          Because SVG is extensible, conformant "image/svg+xml"
          processors must expect that content received is well-formed
          XML, but it cannot be guaranteed that the content is valid to a
          particular DTD or Schema or that the processor will recognize
          all of the elements and attributes in the document.

          SVG has a published Test Suite and associated implementation
          report showing which implementations passed which tests at the
          time of the report. This information is periodically updated as
          new tests are added or as implementations improve.

   Published specification:
          This media type registration is extracted from Appendix G of
          the SVG 1.2 specification.

   Additional information:

   Person & email address to contact for further information:
          Dean Jackson, (dean@xxxxxx).

   Intended usage:
          COMMON

   Author/Change controller:
          The SVG specification is a work product of the World Wide Web
          Consortium's SVG Working Group. The W3C has change control over
          these specifications.

-- 
 Chris Lilley                    mailto:chris@xxxxxx
 Chair, W3C SVG Working Group
 Member, W3C Technical Architecture Group