Conversation

Replying to

The SVG Tiny Portable/Secure format is neat though. It's a further restricted form of SVG Tiny 1.2 created as part of the BIMI standard. datatracker.ietf.org/doc/html/draft Talked about this with

@RichFelker

last year right before this new standard was available:

Quote Tweet

Daniel Micay

@DanielMicay

Jul 8, 2020

Replying to @DanielMicay and @RichFelker

The full specification of SVG 2 does actually have the concept of secure and static modes: w3.org/TR/SVG2/confor 'Secure static mode' disables external references, scripts, declarative animation and interactivity. It's still an insanely complicated specification though.

Daniel Micay

@DanielMicay

Aug 10, 2021

SVG Tiny Portable/Secure is SVG Tiny 1.2 without scripts, animations, interactivity, external references of any kind or x/y attributes in the root element. Most tools don't support it yet so you need to export the most minimal supported format and manually convert. It's easy.

Replying to

I never really thought about this.... but why does the image format have scripting in its standard?

Replying to

It was intended to be usable as a replacement for Adobe Flash without involving HTML. It supports animations and interactivity along with generic scripting capabilities. SVG even had networking support standardized before JS WebSockets were a thing: w3.org/TR/2004/WD-SVG

Replying to

and

SVG Tiny 1.2 is a far more reasonable standard than normal SVG and SVG Tiny Portable/Secure strips out the animation/interactivity/scripting support among other things. I have some minor annoyances with SVG Tiny P/S such as how they forgot to allow viewport-fill for the root.

Replying to

“[...] and thus includes a subset of the features included in SVG 1.1 Full, [...]” That sounds a lot more like an image format, and if it's a subset there shouldn't be any problems reading an SVG tiny with a reader that supports SVG full w3.org/TR/SVGTiny12/

Replying to

SVG Tiny 1.2 still has animation, interactivity, scripting, etc. though. SVG Tiny Portable/Secure (datatracker.ietf.org/doc/html/draft) is a subset of SVG Tiny 1.2 with all of that stripped out so that it's actually a vector image format instead of a complex dynamic application format.

Replying to

and

They also stripped out a bunch of the overly complex vector image support and a ton of other things. There are a couple things like viewport-fill for the root which should be supported and are strangely absent. I think it just a mistake in defining the grammar and I emailed them.

Replying to

wait the "tiny" format still has all of those features? That seems a bit... convoluted Reminds me of how Adobe Reader has a dedicated "Read Mode", quite ironic I would say

Replying to

SVG Tiny 1.2 still has those things. SVG Tiny Portable/Secure is the first sane form of SVG. They released the first draft of SVG Tiny Portable/Secure in July 2020 and the 2nd draft recently came out in March 2021. It was made to have a far safer form of SVG for BIMI to use.

Replying to

and

Since these will get rendered in email clients so it should really be something portable and secure. Typical legacy SVG 1.1 is insanely complex and even SVG Tiny 1.2 is far too complicated to have reasonably complete and secure implementations. They had to make this sane subset.

7:27 AM · Aug 10, 2021Twitter Web App

Replying to

I see, that's some interesting backstory. I get your point about the format being a failed experiment. I feel like this progress should have been the other way around, i.e. defining the most minimal vector image format as a foundation, and expanding upon that.

Replying to

Android has developer.android.com/guide/topics/g because of how screwed up the SVG standard was but could migrate to using SVG Tiny Portable/Secure in the future. It's too new and barely anything supports SVG Tiny P/S yet especially since it's still an early draft with some odd limitations.

developer.android.com

Vector drawables overview | Android Developers

This document explains the overall usage of the vector drawable resources through either framework APIs or support libraries