This appendix is normative.
This appendix registers a new MIME media type, "image/svg+xml" in conformance with BCP 13 and W3CRegMedia .
image
svg+xml
None.
None
The encoding of an SVG document shall be determined by the XML encoding declaration. This has identical semantics to the application/xml media type in the case where the charset parameter is omitted, as specified in RFC3023 sections 8.9, 8.10 and 8.11.
Same as for application/xml. See RFC3023 , section 3.2.
None
As with other XML types and as noted in RFC3023 section 10, repeated expansion of maliciously constructed XML entities can be used to consume large amounts of memory, which may cause XML processors in constrained environments to fail.
SVG documents may be transmitted in compressed form using gzip compression. For systems which employ MIME-like mechanisms, such as HTTP, this is indicated by the Content-Transfer-Encoding header; for systems which do not, such as direct filesystem access, this is indicated by the filename extension and by the Macintosh File Type Codes. In addition, gzip compressed content is readily recognised by the initial byte sequence as described in RFC1952 section 2.3.1.
Several SVG elements may cause arbitrary URIs to be referenced. In this case, the security issues of RFC3986 , section 7, should be considered.
In common with HTML, SVG documents may reference external media such as images, audio, video, style sheets, and scripting languages. Scripting languages are executable content. In this case, the security considerations in the Media Type registrations for those formats shall apply.
In addition, because of the extensibility features for SVG and
of XML in general, it is possible that "image/svg+xml" may describe
content that has security implications beyond those described here.
However, if the processor follows only the normative semantics of
this specification, this content will be outside the SVG namespace and shall be ignored. Only in
the case where the processor recognizes and proc o