Some SVG files created in Adobe Illustrator and edited in Inkscape are rejected when you try to upload them with 'uploadscriptednamespace' error ("This SVG file contains an illegal namespace"). This is caused by Illustrator using an absolutely ridiculous syntax for XML namespace definitions and Inkscape being unable to parse them.
Two reports of this issue I'm aware of:
- https://commons.wikimedia.org/wiki/Commons:Upload_help/Archive/2016/05#Upload_difficulties.2C_sourced_from_Wikimedia_Commons (T134663)
- https://commons.wikimedia.org/wiki/Commons:Village_pump#Unable_to_upload_SVG_images
Here's another file I found on Commons that exhibits this issue: https://commons.wikimedia.org/wiki/File:Andhra_Pradesh_in_India_(claimed_and_disputed_hatched).svg
To reproduce:
- Download that file.
- Open and save in Inkscape – result:
- Try uploading it back.
The original Illustrator file starts with:
<?xml version="1.0" encoding="utf-8"?> <!-- Generator: Adobe Illustrator 13.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 14948) --> <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd" [ <!ENTITY ns_extend "http://ns.adobe.com/Extensibility/1.0/"> <!ENTITY ns_ai "http://ns.adobe.com/AdobeIllustrator/10.0/"> <!ENTITY ns_graphs "http://ns.adobe.com/Graphs/1.0/"> <!ENTITY ns_vars "http://ns.adobe.com/Variables/1.0/"> <!ENTITY ns_imrep "http://ns.adobe.com/ImageReplacement/1.0/"> <!ENTITY ns_sfw "http://ns.adobe.com/SaveForWeb/1.0/"> <!ENTITY ns_custom "http://ns.adobe.com/GenericCustomNamespace/1.0/"> <!ENTITY ns_adobe_xpath "http://ns.adobe.com/XPath/1.0/"> ]> <svg version="1.1" id="svg2" xmlns:x="&ns_extend;" xmlns:i="&ns_ai;" xmlns:graph="&ns_graphs;" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:svg="http://www.w3.org/2000/svg" xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd" xmlns:cc="http://creativecommons.org/ns#" xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape" inkscape:output_extension="org.inkscape.output.svg.inkscape" sodipodi:version="0.32" sodipodi:docname="India_location_map.svg" inkscape:version="0.46" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" width="1500px" height="1614.844px" viewBox="0 0 1500 1614.844" enable-background="new 0 0 1500 1614.844" xml:space="preserve">
Upon editing it with Inkscape, I get:
<?xml version="1.0" encoding="UTF-8" standalone="no"?> <!-- Generator: Adobe Illustrator 13.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 14948) --> <svg xmlns:i="&ns_ai;" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:cc="http://creativecommons.org/ns#" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:svg="http://www.w3.org/2000/svg" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd" xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape" version="1.1" id="svg2" inkscape:output_extension="org.inkscape.output.svg.inkscape" sodipodi:version="0.32" sodipodi:docname="Andhra_Pradesh_in_India_(claimed_and_disputed_hatched).svg" inkscape:version="0.48.4 r9939" x="0px" y="0px" width="1500px" height="1614.844px" viewBox="0 0 1500 1614.844" enable-background="new 0 0 1500 1614.844" xml:space="preserve">
The xmlns:i namespace definition has been mangled. (Other namespace definitions were removed, since they're not actually used in the file.)
Opening and saving the file again causes xmlns:i="&ns_ai;" to turn into xmlns:i="&#38;ns_ai;", then xmlns:i="&#38;#38;ns_ai;" and so on.
So… I guess what I'm asking is, can we relax the checks in UploadBase::checkSvgScriptCallback() to allow these broken namespace names? Mostly everything ignores them and renders the file file, and I don't think they can be a security vulnerability in any way.