Inkscape: A Vector Drawing Tool

Privacy concern with export-filename and sodipodi:absref

Reported by Worms-x on 2007-10-09
28
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Inkscape
Medium
Unassigned

Bug Description

Inkscape 0.45.1 saves in the source of a svg file:

sodipodi:docbase="C:\complete path to the file.............."
.
.
inkscape:export-filename="C:\complete path to the file.png"

showing there the complete structure of my hard disk.

If I put a file made with Inkscape online, this is a major privacy concern,
I don't want people to see the structure of my hard disk.

Could this be changed, or at least obscured, as an option?

Thank you!

Bug Importer (bug-importer) wrote :

I thougt about that some times ago and wanted to post a similar
proposition. It is kinda freaky to share files that can reveal some infos
about the structure of a file system. As an example, I just opened in
notepad an svg downloaded from Openclipart.org and here is what I see:

inkscape:export-filename="C:\Documents and
Settings\mm81002\Desktop\resources.png"
and
sodipodi:docbase="C:\Documents and Settings\mm81002\Desktop"

from here I can say that the username in that windows system is "mm81002"

I won't say this is a bug so I'd transfer that into the feature request
section.

Molumen

Originator: NO

docbase is now gone, it wasn't really necessary

export-filename remains, because it is useful. If you don't want to share
it, just don't export to bitmap the file you are going to share (or make
backup), or export to plain svg before sharing.

Bug Importer (bug-importer) wrote :

sodipodi:absref has the same problem.

Ryan Lerch (ryanlerch) on 2008-01-15
Changed in inkscape:
importance: Undecided → Medium
status: New → Confirmed

This "feature" seems to be finally gone now. Can a dev please confirm this?

sas (sas-sas) wrote :

No, this "feature" isn't gone: inkscape:export-filename and sodipodi:absref are still created. Also, although sodipodi:docbase is no longer created, it's still preserved when editing old files.

Bug 170966 suggests putting the export hints in preferences.xml, removing the need for inkscape:export-filename. The same technique could be used to eliminate sodipodi:absref.

sas (sas-sas) wrote :

Update: sodipodi:docbase is no longer preserved when editing old files (as of SVN revision 19239). No progress on inkscape:export-filename or sodipodi:absref.

As there still is no Inkscape release with a fix, I decided to work on a tiny command line tool to make it easier
to strip such information from .svg files. It's called "svgstrip". It's not stable yet, use it at your own risk.
The Git repositoy of svgstrip can be found here:

      http://git.goodpoint.de/?p=svgstrip.git;a=summary

Please contact me if you're interested in collaboration.

jazzynico (jazzynico) wrote :

Marked Bug #230543 duplicate of this one. It also a per-document setting.

Inkscape now provides a scoured SVG option (File>Save As...) which gets rid of all unnecessary attributes. See Bug #409004.

bastik (bstk) wrote :

It would be great if there was an option to get rid of that 'inkscape:export-filename' key once and for all. (Even if it is a hidden option.)

The suggestions made, don't solve the problem for my work flow:
 * make changes in inkscape
 * export and test icon appearance
 * go to first point and repeat until it's acceptable
 * save svg
 * open svg in editor and strip inkscape:export-filename tag
 * publish svg and png

I don't like to save as plain or scoured svg as the file should be useful for others.

Jan-Erik Finnberg (wheany) wrote :

I agree with bastik. I would love to share an svg file that still retains for example layer information, so that other people can edit the file more easily, but I really don't want them to know my username (which happens to be my full real name in Windows), especially if I'm sharing a file to the public internet.

As far as I know, it's "only" a matter of deleting the export-filename attribute by hand in a text editor, or by using a script, but that is something I must always remember to do. And once I forget to do that, I probably cannot remove the information ever.

If there are other such tags or attributes that may leak personally identifiable information like that, I'd like them removed as well.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers