Extension:SVGEdit

What this extension does
This extension provides in-browser editing of uploaded SVG files using the very nice open-source SVG-edit widget.

SVG-edit 2.5.1 is included at present.

Current versions of most major browsers should work, except for Internet Explorer (IE currently requires the Chrome Frame plugin, though native IE9 support works using the development version of SVG-edit 2.6).

Installation
To install this extension, add the following to LocalSettings.php:

The extension currently also requires the ApiSVGProxy extension to be enabled:

And of course enable SVG support to begin with or it won't be of much use!

Configuration
There is only one configuration option, which allows using an externally hosted instance of the SVG-edit editor iframe:

$wgSVGEditEditor = 'http://toolserver.org/~brion/svg-edit/svg-editor.html';

This can be used to run the editor off a faster static-file server, to provide a separate JavaScript security context by running the editor on another domain, or just to try a new version of the libraries.

Development
While the master code for this extension lives in Wikimedia's SVN repository, I also have a git repo where I may have some experimental branches:

http://gitorious.org/mediawiki-svgedit/mediawiki-svgedit

Known bugs

 * Actual editor issues belong upstream: http://code.google.com/p/svg-edit/
 * open seems to have some race conditions (sometimes doesn't load the initial file)
 * shows edit button on IE9 but editor doesn't work (needs updated SVG-edit 2.6, still in dev)

Todo

 * add an editor trigger on SVG images visible in regular page views
 * allow saving without closing the editor
 * autosave & recover drafts
 * editor toolbar button to open the editor with a fresh canvas and insert the saved file
 * build a Gadget/user-script shim, allowing end-users to add editing to SVG-supporting wikis themselves
 * extend 'import SVG file' and 'image' tools to allow pulling other images from the wiki
 * read local files directly with XHR if ApiSVGProxy not present

Security
Communication with the actual SVG-edit tool is done via the iframe's postMessage interface, which allows limited communication across domains. Specifying a separate location for the SVG-edit instance allows running the editor on another domain, and thus separate JavaScript context, to reduce the attack surface from potentially evil SVG code.

Be aware that using an instance of SVG-edit hosted by a third party can expose your actual SVG image data to client or server code on that domain. If using an external editor instance on a private MediaWiki, you should ensure that you trust the domain that you use.
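The cross-domain setup described above relies on the wiki page checking who it is talking to over postMessage. The following is an added example, not the extension's own code: it shows a wiki-side listener that accepts messages only from the configured editor origin and iframe, and a sender that names the editor origin explicitly. The function names, the callback, and the assumption that the editor sends string messages are illustrative.

```javascript
// Added example: wiki-side postMessage checks for an externally hosted editor.
// EDITOR_URL mirrors the $wgSVGEditEditor value shown on this page.
const EDITOR_URL = 'http://toolserver.org/~brion/svg-edit/svg-editor.html';

// Origin (scheme + host + port) the editor iframe is expected to run on.
function editorOrigin(editorUrl) {
  return new URL(editorUrl).origin;
}

// Build a 'message' listener that drops anything not sent by the editor iframe.
// iframeWindow is the iframe's contentWindow; onEditorMessage is the caller's
// callback (hypothetical name).
function makeEditorListener(editorUrl, iframeWindow, onEditorMessage) {
  const expected = editorOrigin(editorUrl);
  return function (event) {
    // Exact comparison: a different scheme, port or look-alike host is rejected.
    if (event.origin !== expected) return false;
    // Another frame or popup served from the same origin is rejected too.
    if (event.source !== iframeWindow) return false;
    // Assumption for this example: the editor only sends string messages.
    if (typeof event.data !== 'string') return false;
    onEditorMessage(event.data);
    return true;
  };
}

// Send SVG source to the editor with an explicit target origin instead of '*',
// so the browser does not deliver the image data if the iframe has navigated
// to a different origin.
function sendSvgToEditor(editorUrl, iframeWindow, svgText) {
  iframeWindow.postMessage(svgText, editorOrigin(editorUrl));
}

// Browser wiring (assumes `iframe` is the editor's <iframe> element):
//   const listener = makeEditorListener(EDITOR_URL, iframe.contentWindow, handle);
//   window.addEventListener('message', listener, false);
```
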