Extension:SVGEdit

What this extension does
This extension provides in-browser editing of uploaded SVG files using the very nice open-source SVG-edit widget.

SVG-edit 2.5.1 is included at present.

Current versions of most major browsers should work, except for Internet Explorer: IE currently requires the Chrome Frame plugin, though native IE9 support works using the development version of SVG-edit 2.6.

Installation
To install this extension, add the following to LocalSettings.php:

And of course enable SVG support to begin with or it won't be of much use!

Configuration
There is only one configuration option, which allows using an externally hosted instance of the SVG-edit editor iframe:

$wgSVGEditEditor = 'http://toolserver.org/~brion/svg-edit/svg-editor.html';

This can be used to run the editor off a faster static-file server, to provide a separate JavaScript security context by running the editor on another domain, or just to try a new version of the libraries.

Development
While the master code for this extension lives in Wikimedia's SVN repository, I also have a git repo where I may have some experimental branches:

http://gitorious.org/mediawiki-svgedit/mediawiki-svgedit

Known bugs

 * Actual editor issues belong upstream: http://code.google.com/p/svg-edit/
 * Editing in Internet Explorer 9 requires using a development build of svg-edit 2.6; see for switching from the built-in 2.5.1 release copy.

Todo

 * add an editor trigger on SVG images visible in regular page views (partially implemented, not yet ready)
 * allow saving without closing the editor
 * autosave & recover drafts
 * editor toolbar button to open the editor with a fresh canvas and insert the saved file (need to figure out how to extend both WikiEditor and the old toolbar cleanly)
 * build a Gadget/user-script shim, allowing end-users to add editing to SVG-supporting wikis themselves (needs a JSONP proxy to load files for Wikimedia usage, since ApiSVGProxy is not in favor and there's been no motion to change cross-origin headers)
 * extend 'import SVG file' and 'image' tools to allow pulling other images from the wiki

Security
Communication with the actual SVG-edit tool is done via the iframe's postMessage interface, which allows limited communication across domains. Specifying a separate location for the SVG-edit instance allows running the editor on another domain, and thus in a separate JavaScript context, to reduce the attack surface from potentially evil SVG code.

Be aware that using an instance of SVG-edit hosted by a third party can expose your actual SVG image data to client or server code on that domain. If using an external editor instance on a private MediaWiki, you should ensure that you trust the domain that you use.
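
The cross-domain postMessage channel described above only separates the two contexts if the wiki-side page checks who it is talking to. The following is an added example, not code from this extension or from SVG-edit: the function names, the message shape ({ type, svg }) and the element id in the comments are assumptions, and the editor URL is the sample value from the Configuration section.

```javascript
// Added example; all names here are hypothetical, not the extension's own code.

// Derive the single origin the wiki page should talk to from the configured
// editor URL (the value given to $wgSVGEditEditor).
function editorOrigin(editorUrl) {
  const u = new URL(editorUrl);
  if (u.protocol !== 'http:' && u.protocol !== 'https:') {
    throw new Error('editor URL must be http(s): ' + editorUrl);
  }
  return u.origin;
}

// Accept a message only if it came from the editor iframe's window AND from
// the configured origin. Either check alone is not enough: the frame may have
// been navigated elsewhere, and any other window can post messages to us.
function isTrustedEditorMessage(event, iframeWindow, editorUrl) {
  return event.source === iframeWindow &&
         event.origin === editorOrigin(editorUrl);
}

// Send SVG text with an explicit targetOrigin, never '*', so the browser
// drops the message if the frame no longer holds the expected origin.
function sendSvgToEditor(iframeWindow, editorUrl, svgText) {
  iframeWindow.postMessage({ type: 'load-svg', svg: svgText },
                           editorOrigin(editorUrl));
}

// Wire-up in a browser (assumed element id 'svgedit-frame'):
//   const frame = document.getElementById('svgedit-frame');
//   window.addEventListener('message', (e) => {
//     if (!isTrustedEditorMessage(e, frame.contentWindow, EDITOR_URL)) return;
//     handleSavedSvg(e.data); // still untrusted input: validate before saving
//   });
```

These checks protect the wiki page from messages sent by other windows; they do not stop the editor domain itself from reading the SVG data it is sent.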