An SVG is all you need

Posted by sadiq 3 days ago

341 points | 146 commentspage 2

orliesaurus 3 days ago|

My day job involves building dashboards, and SVGs have been invaluable for crisp icons and graphs... the portability across sizes is a blessing, but some of the more exotic filter effects still fail in certain browsers.

ALSO I've run into security reviews that flag inline SVGs because they can embed scripts... would love to see more tooling to lint and sanitize them before deployment.

BUT seeing a two-decade-old vector still render correctly gives me confidence that the core spec is solid.

lucgommans 3 days ago||

> would love to see more tooling to lint and sanitize them before deployment

Sanitisation is one of two possible defences, the other being script execution controls or sandboxing. E.g., if you serve vector images on a web server, set a Content Security Policy header¹ for all your images that simply denies all scripting. You can also run it from a dummy domain ('origin') with nothing valuable on it (like how domains such as googleusercontent.com and githubusercontent.com are being used)

For sanitisation, DOMPurify² is the only widely used and tested library that I know of. It could use more bindings for other languages but, if you can call into it, it can go in your deployment pipeline. (Disclosure: I've worked with some of the people at Cure53, but not on this project)

You can also combine the approaches for defence in depth

¹ https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP

² https://github.com/cure53/DOMPurify

e12e 3 days ago|||

> would love to see more tooling to lint and sanitize them before deployment

Did you see?:

https://github.com/cloudflare/svg-hush

greazy 3 days ago||

what dashboard software do you recommend?

krisoft 2 days ago||

I once solved a machining problem using SVG and a bit of javascript and python.

I was prototyping an orrery. It involved cutting out a lot of ad-hoc gears and frame bits on my CNC out of a sheet of brass. It was relatively easy to generate the g-code for the individual parts using fusion360, but then it was a lot of faff to zero the machine such that it cut the part from a fresh part of the brass sheet without wasting too much metal in between the parts. It involved a lot of guesswork, and eyeballing. And even with that there was a lot of brass “wasted” between the parts especially since you could only move your part in x-y but not easily rotate it.

As a solution I wrote a python script which converted the g-code into svg, and a simple one page website where i could drag the svg around and rotate it on a visual representation of the sheet. Once i found a good safe spot for it to be cut the page told me the x,y, theta coordinates for it. And then with a separate python script i could transform the g-code using the coordinates and rotation. This way the svg renderer was doing the heavy lifting of visualising the cutting paths, and i only needed to concentrate on the relatively easy transforms.

martijn_himself 3 days ago||

>They are supported on just about every device and platform

Except they aren't. I recently used a simple SVG in a background and Safari wasn't able to render it properly so after trying lots of different things I gave up and used different sizes of raster images instead.

stanac 3 days ago||

SVGs also are mostly unsupported for og:image tags (dependents on the app/browser). I know it's supper specific and I am not even sure if open graph is standardized protocol or not, but it's used everywhere.

airstrike 3 days ago|||

yeah, I was super disappointed to find that out when I built previews for https://hexrgb.pages.dev

avsm 3 days ago|||

What was the SVG that didn't work? In Jon's example in the original post, the SVG he embeds there was one he wrote in around 2005. That's a pretty impressive run for it to render 20 years on...

SoKamil 3 days ago||

They are also not supported on iOS native apps. We use pdfs for vectors.

thingsilearned 3 days ago||

I love SVG! Recently I needed to render markdown in SVG and found no library existed for that yet so I released one:

github: https://github.com/davefowler/markdown-svg playground: https://markdown-svg-production.up.railway.app

notpushkin 3 days ago|

I assume the goal is to get rid of all foreignObject uses eventually? (Otherwise it would be easier yo render one big foreignObject and convert everything to HTML)

Anyways, impressive, but what I’d really love to see is flexbox for SVG ;)

tracerbulletx 3 days ago||

This feels a little bit like discovering frontend software development? I guess we're done with the trend of being scared of bundling features and running them in the browser close to the user with JavaScript.

sbrother 2 days ago||

I once built a music game that basically ran entirely on SVG. We hacked Musescore to attach the same UUID to both the note head in SVG and the MusicXML object in two different output modes, and then used that to synchronise the sheet music scrolling with a MIDI stream. If you're interested you can see it in action in our failed Kickstarter video from like eight years ago: https://www.youtube.com/watch?v=vgbB5Q4-dgY

xxmarkuski 3 days ago||

I use ChatGPT to compress SVGs, in particular QR codes. Many QR code SVG generators produce inefficient SVGs, and conventional SVG compressors often lack the understanding required for some compression techniques. ChatGPT can replace alignment indicators with <use> elements.

Is there a way to embed the data encoded in the QR code directly within the image? This would allow the data to be parsed directly by the browser, eliminating the need for computer vision to decode it again. Going further, for web images QR codes could be efficiently encoded and rendered by the browser.

ktpsns 3 days ago||

I am not sure about your use case. There exist many JS libraries which will generate client side QR codes. How many of them do you handle that you optimize for file size? Or is it just an academic interest?

SVGs are XML so technically, yes, you can just embed your visually encoded payload data with namespaces attributes and elements. If you don't want to use namespaces, you can use off-canvas texts, hidden/opacity=0 texts or even XML comments. You can even use the regular metadata section of SVGs. You can make the whole QR code within the SVG a clickable link.

paularmstrong 3 days ago|||

> I use ChatGPT to compress SVGs, in particular QR codes

Why? svgomg.net exists, uses far fewer resources, and is going to give you much better results.

OuterVale 2 days ago||

Heads up. The site you linked is just a wrapping of the original with adverts and tracking scripts. It isn't running the latest version either. Much better off using the creator's version.

https://jakearchibald.github.io/svgomg/

zajio1am 2 days ago||

I notice one issue in SVG support in browsers that make it pretty unusable. When multiple polygons connect by edge, renderers alpha-blend their edges as if they are in general position, causing visible 'seam'. This is well-known problem in 2D graphics, usually handled by explicit selection of blending functions, but i cannot find anything about how to fix it in SVG.

absoluteunit1 3 days ago||

I love working with SVGs.

We use SVGs on https://typequicker.com/press for the blog post hero images.

This way - even if the user changes themes, the colors of the image will be consistent with whatever theme is currently active. Also - the loading time is near-instant since we don't need to fetch the img file for the blog post image - just render the svg.

ChrisMarshallNY 3 days ago|

I remember an employee of mine, who was possibly the best engineer I ever knew, wrote up a specification document for his own vignetting algorithm, in Postscript.

The algorithm provided a 100X performance improvement over the classic Monte Carlo stuff that Tokyo had written.

The charts in the document were executable Postscript, running his algorithm.

That got the attention of the Ph.Ds in Tokyo. He was a high school-educated neurodivergent.

More comments...