What steps will reproduce the problem?
1. Draw something on the editor.
2. Click on Export from the SVG-Edit menu (top left corner).
3. Click OK in the popup to export.
This process will crash the browser.
As per our code review, this is happening due to the getSvgString() function from svgCanvas.js.
In what browser did you experience this problem? This issue specifically happens in IE 11 (version 11.0.18).
In what version of SVG-edit does the problem occur? (Latest trunk, 2.7.1, etc)
Thanks for your help in advance.
Comment #1
Posted on Apr 24, 2015 by Grumpy Panda
I have the same issue for version 2.6. This crash happens in the this.svgToString function when JavaScript tries to get the values namespaceURI and nodeValue from the SVG attributes of the DOM model.
To reproduce:
1. Add any text object to the canvas.
2. Press 'U' or the 'Svg' button at the top left corner.
3. Modify the text in the SVG text editor and press the 'Ok' button.
4. Repeat step 2. Browser crashed.
The reason is the recent Microsoft update, Microsoft Security Bulletin MS15-032 (3038314). It also affects IE 10.
You can uninstall this update and this will fix the issue, but it's not a solution for all clients. This is critical for us and we need to fix it ASAP. Any help would be highly appreciated.
Comment #2
Posted on Apr 24, 2015 by Grumpy Panda
Comment deleted
Comment #3
Posted on Apr 30, 2015 by Grumpy Panda
Update:
I found the issue in svgcanvas.js: when you load SVG, in some places the function prepareSvg sanitizes the DOM of the loaded SVG. And this is the reason for the IE crash.
The simplest way is to disable sanitize for IE. Change this:
    this.prepareSvg(newDoc);
to this:
    if (!svgedit.browser.isIE) this.prepareSvg(newDoc);
If you still need this feature for IE, you are welcome to dig deeper.
Comment #4
Posted on May 6, 2015 by Grumpy Hippo
Hello sergey,
Thanks a lot for your timely help. You saved my life.
Regards, Kunjesh
Comment #5
Posted on May 14, 2015 by Massive Cat
Sergey - Is there any solution if you NEED to use the prepareSvg function in IE?
Comment #6
Posted on May 14, 2015 by Grumpy Rhino
Any plans on fixing the issue? We have an SVG-heavy application and the entire application crashes. Would appreciate it if anyone can throw more light on this issue. Skipping prepareSvg would not work for us.
Comment #7
Posted on May 15, 2015 by Grumpy Panda
Update 2:
Skipping prepareSvg leads to an issue with paths. prepareSvg sanitizes the DOM model, which causes the IE crash, and converts paths to absolute commands. The last one should be kept. This impacts properly defining the bbox for path SVG elements.
So I enabled the prepareSvg function call, and now this function looks like this:
    this.prepareSvg = function(newDoc) {
        // Sanitizing is skipped in IE to avoid the crash.
        // svgedit.browser.isGecko is called as a function elsewhere in this
        // thread; if isIE is one too, this test needs isIE(), otherwise it is
        // always false and sanitizing is skipped in every browser.
        if (!svgedit.browser.isIE)
            this.sanitizeSvg(newDoc.documentElement);
        // convert paths into absolute commands
        var paths = newDoc.getElementsByTagNameNS(svgns, "path");
        for (var i = 0, len = paths.length; i < len; ++i) {
            var path = paths[i];
            path.setAttribute('d', pathActions.convertPath(path));
            pathActions.fixEnd(path);
        }
    };
I don't understand why sanitize is applied to DOM elements. SVG is XML, and sanitize should be applied to the XML before converting it to a DOM.
To avoid the IE crash I disabled sanitize for IE, and in our solution the user is not permitted unmanaged modification of SVG and we are in control of SVG quality, so we are good with the current fix.
But I suggest optimizing the sanitize functionality and applying it to the SVG rather than to DOM elements.
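Comment #7 proposes checking the SVG text before it is turned into a DOM. The block below is an added example, not svg-edit code and not from any commenter: a reject-only check on the raw SVG string that could gate input in a build where sanitizeSvg is skipped. The allowlists, checkAttrs, checkSvgText and both samples are constructed for illustration.

```javascript
// Constructed allowlists for illustration; svg-edit's sanitizer keeps its own,
// larger lists. href and style are left out on purpose.
const ALLOWED_ELEMENTS = new Set(['svg', 'g', 'title', 'path', 'rect', 'circle',
  'ellipse', 'line', 'text']);
const ALLOWED_ATTRS = new Set(['xmlns', 'id', 'd', 'x', 'y', 'x1', 'y1', 'x2',
  'y2', 'cx', 'cy', 'r', 'rx', 'ry', 'width', 'height', 'viewBox', 'fill',
  'stroke', 'stroke-width', 'transform', 'font-size', 'font-family']);

// Checks the attribute text of one tag; anything it cannot parse is a finding.
function checkAttrs(name, attrs, problems) {
  const attrRe = /\s+([^\s=\/"'<>]+)\s*=\s*(?:"[^"]*"|'[^']*')/y;
  let pos = 0, m;
  while ((attrRe.lastIndex = pos, m = attrRe.exec(attrs)) !== null) {
    pos = attrRe.lastIndex;
    if (!ALLOWED_ATTRS.has(m[1])) problems.add(`attribute ${m[1]} on <${name}>`);
  }
  if (!/^\s*\/?$/.test(attrs.slice(pos))) {
    problems.add(`unparsed attribute text on <${name}>`);
  }
}

// Returns the reasons to refuse svgText; an empty array means it passed.
// Fails closed: markup the scanner does not recognise is itself a finding.
function checkSvgText(svgText) {
  const problems = new Set();
  // A single leading XML declaration is accepted and dropped.
  const text = svgText.replace(/^\s*<\?xml\s[^<>?]*\?>/, '');
  if (/<[!?]/.test(text)) {
    problems.add('declaration, comment, CDATA or processing instruction');
  }
  const tagRe = /<(\/?)([^\s<>\/]*)((?:[^<>"']|"[^"]*"|'[^']*')*)>/g;
  const rest = text.replace(tagRe, (whole, close, name, attrs) => {
    if (!ALLOWED_ELEMENTS.has(name)) problems.add(`element <${name}>`);
    if (close && attrs.trim() !== '') problems.add(`attributes on </${name}>`);
    if (!close) checkAttrs(name, attrs, problems);
    return '';
  });
  if (/[<>]/.test(rest)) problems.add('markup the scanner could not parse');
  return [...problems];
}

// Constructed samples, not taken from the issue thread.
const SAMPLE_OK = '<svg xmlns="http://www.w3.org/2000/svg" width="100" height="100">' +
  '<g><path d="M10 10 L20 20" fill="none" stroke="#000"/><text x="5" y="15">Hi</text></g></svg>';
const SAMPLE_BAD = '<svg xmlns="http://www.w3.org/2000/svg" onload="x()">' +
  '<script>x()</script><rect width="1" height="1"/></svg>';
```

This is a pattern scan, not an XML parser, which is why it only rejects and never rewrites. It refuses comments, DOCTYPE and CDATA outright, so the lists would need widening before real files pass.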
Comment #8
Posted on May 17, 2015 by Massive Cat
Sergey - Thanks for the quick reply. We have implemented this solution and it seems to have fixed our problems.
Thanks again!
Comment #9
Posted on Jun 4, 2015 by Swift Kangaroo
Thanks, it also works for me in IE 11.
Comment #10
Posted on Jun 26, 2015 by Helpful Wombat
Thanks, in IE11 the workaround worked. But unfortunately it seems to break our application in IE10 in some cases. Is there any news about that issue?
Comment #11
Posted on Jul 13, 2015 by Quick Ox
We also have the same issue in IE10. Did you find a solution to solve it in IE10?
Comment #12
Posted on Jul 13, 2015 by Massive Rabbit
The issue is because of this code in the sanitizeSvg function in the svgedit.compiled.js file:
for(q=i.attributes.length;q--;){
var D=i.attributes.item(q),u=D.nodeName,A=D.localName,p=D.namespaceURI;
if(!(g.hasOwnProperty(A)&&p==g[A]&&p!=a.XMLNS)&&!(p==a.XMLNS&&I[D.nodeValue])){u.indexOf("se:")===0&&w.push([u,D.nodeValue]);i.removeAttributeNS(p,A)}
if(svgedit.browser.isGecko())switch(u){case "transform":case "gradientTransform":case "patternTransform":A=D.nodeValue.replace(/(\d)-/g,"$1 -"); i.setAttribute(u,A)}
if(u=="style"){D=D.nodeValue.split(";");for(u=D.length;u--;){p=D[u].split(":");A=$.trim(p[0]);p=$.trim(p[1]);e.indexOf(A)>=0&&i.setAttribute(A,p)}i.removeAttribute("style")}
}
Comment #13
Posted on Jul 13, 2015 by Massive Rabbit
To be more precise, because of this code: var D=i.attributes.item(q)
Comment #14
Posted on Jul 13, 2015 by Happy Giraffe
Thanks for the helpful pinpointing, rakesht. I don't really have time/energy to help with this, but just wanted to say you might try replacing the line with:
var D=i.attributes[q];
...and see if that makes any difference.
You could also use console.log(q)
before that line to find out which numbered attribute gives the problem.
I'd also strongly recommend testing against the version currently on Github to test against the latest code.
It would also be helpful to do console.log(i.outerHTML);
right before the error to see the specific element it is choking on, and then if you know the attribute count, you can confirm which particular attribute gives the problem (or if it is all attributes).
Comment #15
Posted on Jul 14, 2015 by Swift Lion
Is there any way to load the svg-edit sketch tool in IE-10 without using the KB3038314 update?
Status: New
Labels:
Type-Defect
Priority-Medium