Extension:SVGEdit

This extension provides in-browser creation and editing of uploaded SVG files using the very nice open-source SVG-edit widget.

SVG-edit 2.5.1 is included at present.

Current versions of most major browsers should work except for Internet Explorer (IE currently requires Chrome Frame plugin, though native IE9 support works using the development version of SVG-edit 2.6.)


 * "Edit drawing" tab and button added on File: pages for SVG images
 * "SVG drawing" button added to WikiEditor advanced toolbar "insert" section to create new files conveniently while working on a page
 * file invocation is added to the text editor upon saving the file
 * currently the filename will be autogenerated from the name of the page being worked on

Installation
To install this extension, add the following to LocalSettings.php:

And of course enable SVG support to begin with or it won't be of much use!

Configuration
There is only one configuration option, which allows using an externally hosted instance of the SVG-edit editor iframe:

This can be used to run the editor off a faster static-file server, to provide a separate JavaScript security context by running the editor on another domain, or just to try a new version of the libraries.

Development
While the master code for this extension lives in Wikimedia's SVN repository, I also have a git repo where I may have some experimental branches:

http://gitorious.org/mediawiki-svgedit/mediawiki-svgedit

Known bugs

 * Actual editor issues belong upstream: http://code.google.com/p/svg-edit/
 * Editing in Internet Explorer 9 requires using a development build of svg-edit 2.6; see for switching from the built-in 2.5.1 release copy.

Todo

 * add an editor trigger on SVG images visible in regular page views (partially implemented, not yet ready)
 * allow saving without closing the editor
 * autosave & recover drafts
 * build a Gadget/user-script shim, allowing end-users to add editing to SVG-supporting wikis themselves (needs a JSONP proxy to load files for Wikimedia usage, since ApiSVGProxy is not in favor and there's been no motion to change cross-origin headers)
 * extend 'import SVG file' and 'image' tools to allow pulling other images from the wiki

Security
Communication with the actual SVG-edit tool is done via the iframe's postMessage interface, which allows limited communication across domains. Specifying a separate location for the SVG-edit instance allows running the editor on another domain, and thus separate JavaScript context, to reduce the attack surface from potentially evil SVG code.

Be aware that using an instance of SVG-edit hosted by a third-party can expose your actual SVG image data to client or server code on that domain. If using an external editor instance on a private MediaWiki, you should ensure that you trust the domain that you use.