Inkscape

XML Entities used for namespace declarations prevent file loading in trunk and 0.48.4

Bug #1093433 reported by su_v
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Inkscape
Triaged
Undecided
Unassigned

Bug Description

Follow-up to bug #1025185:

Problem:
--------
Third-party SVG files (the ones I encountered so far are all created
with Adobe Illustrator) may define namespace declarations as XML
entities. These files no longer load in Inkscape 0.48.4 and current
trunk after the fix for bug #1025185, no matter whether the preference
 '/options/externalresource/xml/allow_net_access'
is true or not.

<?xml version="1.0" encoding="utf-8"?>
<!-- Generator: Adobe Illustrator 12.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 51448) -->
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.0//EN" "http://www.w3.org/TR/2001/REC-SVG-20010904/DTD/svg10.dtd" [
 <!ENTITY ns_svg "http://www.w3.org/2000/svg">
 <!ENTITY ns_xlink "http://www.w3.org/1999/xlink">
]>
<svg version="1.0" id="Layer_1" xmlns="&ns_svg;" xmlns:xlink="&ns_xlink;" width="1457.75" height="341.25"
  viewBox="0 0 1457.75 341.25" overflow="visible" enable-background="new 0 0 1457.75 341.25" xml:space="preserve">

or

<?xml version="1.0" encoding="utf-8"?>
<!-- Generator: Adobe Illustrator 12.0.1, SVG Export Plug-In . SVG Version: 6.00 Build 51448) -->
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd" [
 <!ENTITY ns_extend "http://ns.adobe.com/Extensibility/1.0/">
 <!ENTITY ns_ai "http://ns.adobe.com/AdobeIllustrator/10.0/">
 <!ENTITY ns_graphs "http://ns.adobe.com/Graphs/1.0/">
 <!ENTITY ns_vars "http://ns.adobe.com/Variables/1.0/">
 <!ENTITY ns_imrep "http://ns.adobe.com/ImageReplacement/1.0/">
 <!ENTITY ns_sfw "http://ns.adobe.com/SaveForWeb/1.0/">
 <!ENTITY ns_custom "http://ns.adobe.com/GenericCustomNamespace/1.0/">
 <!ENTITY ns_adobe_xpath "http://ns.adobe.com/XPath/1.0/">
 <!ENTITY ns_svg "http://www.w3.org/2000/svg">
 <!ENTITY ns_xlink "http://www.w3.org/1999/xlink">
]>
<svg version="1.1" id="Layer_1" xmlns:x="&ns_extend;" xmlns:i="&ns_ai;" xmlns:graph="&ns_graphs;"
  xmlns="&ns_svg;" xmlns:xlink="&ns_xlink;" width="198.13" height="197.58" viewBox="0 0 198.13 197.58"
  overflow="visible" enable-background="new 0 0 198.13 197.58" xml:space="preserve">

Tested on OS X 10.7.4 with libxml2 2.7.8 and libxml2 2.8.0:
- not reproduced with Inkscape 0.48.3.1 and trunk <= r11930
- reproduced with Inkscape 0.48.4 and trunk >= r11931
  (last tested with r11976)

Sample files (also attached as zip archive):
-------------
(Caution: when downloading any of the SVG files in Firefox, make sure to
save as Inkscape/SVG file and not as webpage, else only a copy with the
entities already substituted will be saved locally):
- <http://en.wikipedia.org/wiki/File:CIExy1931.svg> (from bug #324849)
- <http://commons.wikimedia.org/wiki/File:Ruby_logo.svg> (from bug #499257)
- <http://gpsmid.cvs.sourceforge.net/viewvc/gpsmid/GpsMid/resources/images/icon/main/i_back.svg> (from bug #499257)
- 'HDMI_Logo.svg' from
  <https://bugs.launchpad.net/inkscape/+bug/682585/+attachment/1748520/+files/schema.tar.gz>
- 'Spain_traffic_signal_r108.svg' from
  <https://bugs.launchpad.net/inkscape/+bug/684652/+attachment/1753960/+files/SpainSource.7z>
- <http://en.wikipedia.org/wiki/File:Sony_Ericsson_logo.svg>

This one loads despite namespace warning:
- <https://bugs.launchpad.net/inkscape/+bug/883648/+attachment/2578376/+files/Logo.svg> (from bug #883648)

Tags: regression svg
Revision history for this message
su_v (suv-lp) wrote :
Revision history for this message
jazzynico (jazzynico) wrote :

Confirmed on Windows XP, Inkscape 0.48.4 and trunk revision 11986.

Changed in inkscape:
status: New → Triaged
Revision history for this message
Mykee (halasim) wrote :

Sorry for status, I confirmed this bug, but I cannot change to Triaged... Please fix to status. Thanks.

Changed in inkscape:
status: Triaged → Fix Released
jazzynico (jazzynico)
Changed in inkscape:
status: Fix Released → Triaged
Revision history for this message
JPi (ajuanpi) wrote :

I found that erasing a special header that Illustrator (11.0) adds the file can be loaded without problems. I attach a file that cannot be loaded.

In the next post I will attach the same file but edited such that cit an be loaded.

I hope this helps.

Revision history for this message
JPi (ajuanpi) wrote :

Here is the edited file that can be loaded without problems.

I basically removed all the metadata. Inkscape should just ignore that part... I guess.

Revision history for this message
su_v (suv-lp) wrote :

Turns out that the fix for
- Bug #1025185 “XXE vulnerability during rasterization of SVG images”
  <http://bazaar.launchpad.net/~inkscape.dev/inkscape/trunk/revision/11931>
reverted the fix for
- Bug #166371 “Illustrator CS SVG won't load: namespace URIs in entities”
  <http://inkscape.svn.sourceforge.net/viewvc/inkscape?view=revision&revision=7900>

-> I'm reopening bug #166371 and linking this one as duplicate to bug #166371.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.