Same as application/xml media type, as specified in
RFC3023 or it's successor.
Same as for application/xml. See RFC3023, section 3.2.
As with other XML types and as noted in RFC3023 section
10, repeated expansion of maliciously constructed XML
entities can be used to consume large amounts of memory,
which may cause XML processors in constrained environments to
SVG documents may be transmitted in compressed form using
gzip compression. For systems which employ MIME-like
mechanisms, such as HTTP, this is indicated by the
Content-Transfer-Encoding header; for systems which do not,
such as direct filesystem access, this is indicated by the
filename extension and by the Macintosh File Type Codes. In
addition, gzip compressed content is readily recognized by
the initial byte sequence as described in RFC1952
Several SVG elements may cause arbitrary URIs to be
referenced. In this case, the security issues of
RFC3986, section 7, should be considered.
In common with HTML, SVG documents may reference external
media such as images, audio, video, style sheets, and
scripting languages. Scripting languages are executable
content. In this case, the security considerations in the
Media Type registrations for those formats shall apply.
In addition, because of the extensibility features for SVG
and of XML in general, it is possible that "image/svg+xml"
may describe content that has security implications beyond
those described here. However, if the processor follows only
the normative semantics of this specification, this content
will be outside the SVG namespace and shall be ignored. Only
in the case where the processor recognizes and processes the
additional content, or where further processing of that
content is dispatched to other processors, would security
issues potentially arise. And in that case, they would fall
outside the domain of this registration document.
This specification describes processing semantics that
dictate behavior that must be followed when dealing with,
among other things, unrecognized elements and attributes,
both in the SVG namespace and in other namespaces.
Because SVG is extensible, conformant "image/svg+xml"
processors must expect that content received is well-formed
XML, but it cannot be guaranteed that the content is valid to
a particular DTD or Schema or that the processor will
recognize all of the elements and attributes in the document.
SVG has a published Test Suite and associated implementation
report showing which implementations passed which tests at
the time of the report. This information is periodically
updated as new tests are added or as implementations improve.
This media type registration is extracted from Appendix P of
the SVG 1.1 specification.
Applications that use this media type:
SVG is used by Web browsers, often in conjunction with HTML;
by mobile phones and digital cameras, as a format for
interchange of graphical assets in desk top publishing, for
industrial process visualization, display signage, and many
other applications which require scalable static or
interactive graphical capability.
svg, svgz (if gzip-compressed)
Macintosh file type code(s):
"svg " (all lowercase, with a space character as the
fourth letter), "svgz" (all lowercase, if
Person & email address to contact for further information:
Chris Lilley, Doug Schepers (member-svg-media-type(_at_)w3(_dot_)org).
Restrictions on usage:
The SVG specification is a work product of the World Wide Web
Consortium's SVG Working Group.
The W3C has change control over this specification.
Chris Lilley mailto:chris(_at_)w3(_dot_)org
Technical Director, Interaction Domain
W3C Graphics Activity Lead
Co-Chair, W3C Hypertext CG