I find it very weird that Lemmy support gifs but does not support svg format, is there is a specific reason for that?

  • tal
    link
    fedilink
    English
    arrow-up
    15
    arrow-down
    1
    ·
    edit-2
    1 day ago

    I haven’t looked into any actual decision process, and personally, I’d like to be able to post vector files myself, but there are some real concerns that I suspect apply (and are probably also why other sites, like Reddit, don’t provide SVG support).

    • SVG can contain Javascript, which can introduce security concerns

    • My guess is that there are resource-exhaustion issues. With a raster format, like, say, PNG, you’re probably only going to create issues with very large images, which are easy to filter out – and the existing system does place limits on that. With a typical, unconstrained vector format like Postscript or SVG, you can probably require an arbitrarily long amount of rendering time from the renderer (and maybe memory usage, dunno, don’t know how current renderers work).

    • At least some SVG renderers support reference of external files. That could permit, to some degree, deanonymizing people who view them – like, a commenter could see which IP addresses are viewing a comment. That’s actually probably a more general privacy issue with Lemmy today, but it can at least theoretically be addressed by modifying Threadiverse server software to rewrite comments and by propagating and caching images, whereas SVG support would bake external reference support in.

    I think that an environment that permits arbitrary vector files to be posted would probably require some kind of more-constrained format, or at minimum, some kind of hardened filter on the instance side to block or process images to convert them into a form acceptable for mass distribution by anonymous users.

    Note that Lemmy does have support for other format than SVG, including video files – just not anything vector ATM.

    If the art you want to post is flat-color, my guess is that your closest bet is probably posting a raster version of it as PNG or maybe lossless webp.

    Can also store an SVG somewhere else that permits hosting SVG and provide an external link to that SVG file.

    • pelya@lemmy.world
      link
      fedilink
      arrow-up
      7
      ·
      1 day ago

      Most vector rendering libraries have options to disable all the fancy stuff like Javascript and external links. If you manage to find one that supports it in the first place. As for resource usage, the server sends image files without decoding, so whatever forkbomb you will manage to include into your SVG will only crash Lemmy clients, so, ‘not our problem’. Maybe it will become a problem for the server when generating thumbnail image.

    • Zak@lemmy.world
      link
      fedilink
      arrow-up
      3
      arrow-down
      1
      ·
      1 day ago

      propagating and caching images

      This leads to the problem of abusive users trying to cause legal issues for server owners by introducing CSAM.