Re: [ietf-types] Registration of media typeimage/svg+xml

Chris Lilley <> Wed, 24 November 2010 22:36 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 16E7928C175 for <>; Wed, 24 Nov 2010 14:36:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -5.542
X-Spam-Status: No, score=-5.542 tagged_above=-999 required=5 tests=[AWL=-2.143, BAYES_00=-2.599, GB_I_LETTER=-2, J_CHICKENPOX_33=0.6, J_CHICKENPOX_65=0.6]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id bVLbzOy8TK4A for <>; Wed, 24 Nov 2010 14:36:12 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 853CF28C129 for <>; Wed, 24 Nov 2010 14:36:12 -0800 (PST)
Received: from ( []) by (8.13.8/8.13.8) with ESMTP id oAOMab64009975 for <>; Wed, 24 Nov 2010 14:36:57 -0800
Received: from localhost ([]) by with esmtpa (Exim 4.69) (envelope-from <>) id 1PLNx6-0008MK-5E; Wed, 24 Nov 2010 17:36:36 -0500
Date: Wed, 24 Nov 2010 23:36:35 +0100
From: Chris Lilley <>
X-Mailer: The Bat! (v3.95.6) Home
Organization: W3C
X-Priority: 3 (Normal)
Message-ID: <>
To: Chris Lilley <>
In-Reply-To: <>
References: <> <> <>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.0 ( []); Wed, 24 Nov 2010 14:36:57 -0800 (PST)
Cc: Alexey Melnikov <>,,
Subject: Re: [ietf-types] Registration of media typeimage/svg+xml
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Chris Lilley <>
List-Id: "Media \(MIME\) type review" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 24 Nov 2010 22:36:15 -0000

This is an updated registration request, incorporating the latest
round of feedback.

Type name:


Subtype name:


Required parameters:


Optional parameters:


    Same as application/xml media type, as specified in [RFC3023] or
    its successors.

Encoding considerations:

    Same as for application/xml. See [RFC3023], section 3.2 or its

Security considerations:

    As with other XML types and as noted in [RFC3023] section 10,
    repeated expansion of maliciously constructed XML entities can be
    used to consume large amounts of memory, which may cause XML
    processors in constrained environments to fail.

    Several SVG elements may cause arbitrary URIs to be referenced. In
    this case, the security issues of [RFC3986], section 7, should be

    In common with HTML, SVG documents may reference external media
    such as images, audio, video, style sheets, and scripting
    languages. Scripting languages are executable content. In this
    case, the security considerations in the Media Type registrations
    for those formats shall apply.

    In addition, because of the extensibility features for SVG and of
    XML in general, it is possible that "image/svg+xml" may describe
    content that has security implications beyond those described
    here. However, if the processor follows only the normative
    semantics of the published specification, this content will be
    outside the SVG namespace and shall be ignored. Only in the case
    where the processor recognizes and processes the additional
    content, or where further processing of that content is dispatched
    to other processors, would security issues potentially arise. And
    in that case, they would fall outside the domain of this
    registration document.

Interoperability considerations:

    The published specification describes processing semantics that
    dictate behavior that must be followed when dealing with, among
    other things, unrecognized elements and attributes, both in the
    SVG namespace and in other namespaces.

    Because SVG is extensible, conformant "image/svg+xml" processors
    must expect that content received is well-formed XML, but it
    cannot be guaranteed that the content is valid to a particular DTD
    or Schema or that the processor will recognize all of the elements
    and attributes in the document.

    SVG has a published Test Suite and associated implementation
    report showing which implementations passed which tests at the
    time of the report. This information is periodically updated as
    new tests are added or as implementations improve.

Published specification:

    This media type registration is extracted from Appendix P of the
    SVG 1.1 specification.
Applications that use this media type:

    SVG is used by Web browsers, often in conjunction with HTML; by
    mobile phones and digital cameras, as a format for interchange of
    graphical assets in desk top publishing, for industrial process
    visualization, display signage, and many other applications which
    require scalable static or interactive graphical capability.

Additional information:

    Magic number(s):

    File extension(s):

        Note that the extension 'svgz' is used as an alias for
        'svg.gz' [RFC1952], i.e. octet streams of type image/svg+xml,
        subsequently compressed with gzip.

    Macintosh file type code(s):

        "svg " (all lowercase, with a space character as the fourth letter).

        Note that the Macintosh file type code 'svgz' (all lowercase)
        is used as an alias for GZIP [RFC1952] compressed "svg ", i.e.
        octet streams of type image/svg+xml, subsequently compressed
        with gzip.

    Macintosh Universal Type Identifier code:

        org.w3c.svg conforms to public.image and to public.xml

    Windows Clipboard Name:

        "SVG Image"

    Fragment Identifiers

        For documents labeled as application/svg+xml, the fragment
        identifier notation is that for application/xml, as specified
        in RFC 3023 or its successors, plus the SVG-specific SVG Views
        syntax described in the SVG specification.

Person & email address to contact for further information:

    Chris Lilley, Doug Schepers (

Intended usage:


Restrictions on usage:



    The SVG specification is a work product of the World Wide Web
    Consortium's SVG Working Group.

Change controller:

    The W3C has change control over this specification.

 Chris Lilley   Technical Director, Interaction Domain                 
 W3C Graphics Activity Lead, Fonts Activity Lead
 Co-Chair, W3C Hypertext CG
 Member, CSS, WebFonts, SVG Working Groups