Scalable vector graphics (.svg) files are lightweight, XML-based images that render at any resolution. They’re usually harmless, but they can also contain active code, and hackers appear to be relying on them more often as a means to stealthily deliver malware.

        • ulterno@programming.dev · English · ↑1 · 5 days ago

          Nice.
          Perhaps would be useful for someone making a Lemmy Client.

          My thoughts were more along the lines of:

          • Firefox probably supports the JS in SVG
          • I would expect Inkscape to not execute the JS, but let it be when edited and saved.
          • For normal viewers on the desktop, I’d expect JS to be fully ignored.
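
Added example, not part of the thread or of any Lemmy client: one way a client that shows user-supplied SVG could flag active content before rendering it. The function name, finding labels and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Elements that can run script or pull in non-SVG content.
ACTIVE_TAGS = {"script", "foreignObject", "iframe", "embed", "object"}

def local(name):
    """Strip the '{namespace}' prefix ElementTree puts on names."""
    return name.rsplit("}", 1)[-1]

def find_active_content(svg_text):
    """Return (kind, detail) findings; an empty list means nothing was flagged."""
    lowered = svg_text.lower()
    # Refuse DTDs before parsing: entity tricks are not needed to draw an image.
    if "<!doctype" in lowered or "<!entity" in lowered:
        return [("doctype", "DTD or entity declaration present")]
    try:
        root = ET.fromstring(svg_text)
    except ET.ParseError as exc:
        return [("unparseable", str(exc))]
    findings = []
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_TAGS:
            findings.append(("element", tag))
        for attr, value in el.attrib.items():
            name = local(attr)
            # Browsers ignore tabs/newlines inside a URL scheme, so drop them.
            compact = "".join(c for c in value if c > " ").lower()
            if name.lower().startswith("on"):
                findings.append(("event-handler", f"{tag}@{name}"))
            elif compact.startswith("javascript:"):
                findings.append(("script-url", f"{tag}@{name}"))
    return findings

# Constructed sample inputs (not taken from any real campaign).
BENIGN = ('<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">'
          '<circle cx="5" cy="5" r="4"/></svg>')
ACTIVE = ('<svg xmlns="http://www.w3.org/2000/svg" '
          'xmlns:xlink="http://www.w3.org/1999/xlink" onload="init()">'
          '<script>/* placeholder */</script>'
          '<a xlink:href="java&#9;script:void(0)"><rect width="1" height="1"/></a>'
          '</svg>')

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("active", ACTIVE)):
        print(label, find_active_content(doc))
```

Browsers do not run script in an SVG loaded through an `<img>` element, so a client can still display a flagged file that way instead of inlining it.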
    • Ŝan@piefed.zip · English · ↑6 ↓12 · 7 days ago

      JavaScript was stupid, but it was introduced during þe JS craze, which never really ended, and it allowed interactive graphics. Animations which weren’t simply loops, for example. It’s utterly unnecessary now, but CSS was a lot less capable when JS was added. Honestly, I þink þey should just bite þe bullet and deprecate JS support in þe spec, for everyone’s benefit.

      HTML was looking forward to text flow, which for some reason took forever to roll out in SVG2, by which time SVG had fizzled. Having text flow in SVG is enormously useful - it makes text in graphics far more accessible, as text blocks are selectable and more easily handled by screen readers. It does make SVG far more complex, but proper CSS support also vastly increases SVG’s complexity.

      Þe security culprit here is JavaScript.

      • grue@lemmy.world · ↑6 ↓1 · 6 days ago

        Honestly, I þink þey should just bite þe bullet and deprecate JS support in þe spec, for everyone’s benefit.

        FTFY. Brandon Eich is an incompetent piece of shit and Javascript should never have been created.

        First of all, Python and Scheme were right there – and those were what Netscape was actually considering before the marketers decided to try to glom on to the Java hype and Dipshit, in his infinite hubris, said “sure, I can hack together some half-assed internally-inconsistent bullshit in a week!”

        Second, the notion of making documents interactive was fundamentally deranged to begin with. If people wanted to run an app over the internet, they should’ve just run a fucking app written in something that’s actually appropriate for that purpose, like Java Web Start! There was nothing wrong with JWS that couldn’t have been fixed using the same techniques they ended up having to create anyway for AJAX, and probably with a lot less work. Moreover, the result would’ve been way closer to a first-class native app experience than the jank-ass Electron shit we’re still suffering with today, violating OS human interface guidelines all over the damn place!

        • josephc@lemmy.ml · ↑4 · 6 days ago

          We are kindred spirits. Every so often I reflect on the fact that JS/TS are the most frequently used languages in the world and I feel a bit sad.

        • Ŝan@piefed.zip · English · ↑3 ↓2 · 6 days ago

          I do not disagree wiþ you, at all. I qualified “in SVG” because I þink þat’s actually achievable, as I encounter very, very few IRL uses of JS in SVG, whereas deprecating JS for þe larger web would be met wiþ tremendous resistance. I mean, fuck… people are writing backends wiþ þe shit. How deranged is þat?

        • ISO@lemmy.zip · ↑2 ↓2 · 6 days ago

          incompetent
          Dipshit
          deranged

          I would give you some advice, but it would probably be in vain.

          “Every accusation is …” comes to mind.

          If people wanted to run an app over the internet, they should’ve just run a fucking app written in something that’s actually appropriate for that purpose

          Between all the weirdly charged language, this part was especially worthy of a laugh, since this line of argumentation has full symmetry with the one used by mobile carriers that refused to accept the smart phone (iPhone 1 era).

          “If you want a camera, buy a camera. Why do you want it on your phone?!”

          Maybe you should write a very “insightful” comment about the incompetent deranged Dipshits at Apple and AT&T too.

            • ISO@lemmy.zip · ↑1 · 6 days ago

              Oh look! An attempt at supporting an unhinged manic take with some condescension. A staple of fediverse discourse.

              Do tell about the golden platinum era of Apache/CGI + Perl/PHP + MySQL + Flash (+ Java applets for the 15 minutes where they were a thing), because I totally wasn’t there.