On Thu, Dec 03, 2020 at 07:25:10PM +0300, lg.zevlg@gmail.com wrote:
>
> > 3 дек. 2020 г., в 19:17, Alan Third <alan@idiocy.org> написал(а):
> >
> > On Thu, Dec 03, 2020 at 06:47:37PM +0300, Evgeny Zajcev wrote:
> >> diff --git a/src/xdisp.c b/src/xdisp.c
> >> index 76ef420a36..51735b269d 100644
> >> --- a/src/xdisp.c
> >> +++ b/src/xdisp.c
> >> @@ -34631,6 +34631,7 @@ syms_of_xdisp (void)
> >> DEFSYM (QCeval, ":eval");
> >> DEFSYM (QCpropertize, ":propertize");
> >> DEFSYM (QCfile, ":file");
> >> + DEFSYM (QCbase_uri, ":base-uri");
> >> DEFSYM (Qfontified, "fontified");
> >> DEFSYM (Qfontification_functions, "fontification-functions");
> >
> > Hi Evgeny, is there any reason this couldn't go in image.c? I think we
> > only need it when librsvg is compiled in too.
>
> You are right, this is svg only thing, I’ll fix
I'm also wondering whether this is something that would be useful when
loading from a file and not just data? It might be considered a
security risk, I suppose?
No risk, because `:base-uri` is part of image properties and not svg data. And if one specified explicitly `:base-uri` then he knows what he is doing and understands that loading an svg image could access files inside `:base-uri`.
Having control over svg base_uri is a nice thing to have for both data and file image specifiers.