[Feature request] Allow SVG as test case visualization #2875

Open
mpsijm opened this issue Dec 6, 2024 · 2 comments

Comments

@mpsijm
Contributor

mpsijm commented Dec 6, 2024

Description of the enhancement request

Test cases can already have PNG/JPG/GIF images attached to them, see here. It would be nice to also allow support for SVG.

In the Slack discussion, it was mentioned that SVG allows potentially executable code, so it would be wise to sanitize them during the import. On the other hand, these SVGs are only created by (usually trusted) jury members (perhaps except in the case of output visualization, see #2744).

The goal you want to achieve

For jury members, it would give more options to create a visualization. Automatically generating PNGs requires some library code, and SVGs can simply be written as plain text.

Expected behaviour

Expectation: SVGs are not rejected during import.

@eldering
Member

eldering commented Dec 6, 2024

I'm surprised we don't already support this!

Also, I think the security argument is not very strong, even for output visualization: these images are generated by either the jury or output visualizer code provided by the jury, so should be trustable. If you start downloading problems from the internet, then it's up to the admin doing that to know to trust the sources, since you're already pulling in code (compare scripts, visualizer scripts, etc.) anyways.

@mpsijm
Contributor Author

mpsijm commented Dec 6, 2024

For the output visualizer, I can think of one way of an injection attack: the team could output some <script> tags, and if a poorly written output visualizer dumps (a part of) the team's output directly into the SVG, that's a problem 😛
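
Both concerns raised in this thread, checking SVGs at import and a visualizer that copies team output into the SVG, can be shown with one check. The following is an added example, not DOMjudge code and not part of any comment above; `svg_findings`, `render`, the element list and the `#`-only href policy are assumptions made for illustration, and the team output is constructed.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Assumed policy for this sketch: no scripting, no embedded documents.
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "object", "embed"}

def local(name):
    """Drop the '{namespace}' prefix ElementTree adds and lowercase the name."""
    return name.rsplit("}", 1)[-1].lower()

def svg_findings(svg_text):
    """Return the reasons to reject an SVG; an empty list means accept."""
    lowered = svg_text.lower()
    if "<!doctype" in lowered or "<!entity" in lowered:
        return ["DTD/entity declarations are not allowed"]
    try:
        root = ET.fromstring(svg_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    findings = []
    if local(root.tag) != "svg":
        findings.append("root element is not <svg>")
    for elem in root.iter():
        tag = local(elem.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"active element <{tag}>")
        for attr, value in elem.attrib.items():
            name = local(attr)
            if name.startswith("on"):
                findings.append(f"event handler attribute {name} on <{tag}>")
            elif name == "href" and not value.strip().startswith("#"):
                findings.append(f"external or scripted href on <{tag}>")
    return findings

def render(team_output, escape_text):
    """Hypothetical jury visualizer that prints team output as a label."""
    # escape() covers &, < and >, which is enough for element text only.
    label = escape(team_output) if escape_text else team_output
    return ('<svg xmlns="http://www.w3.org/2000/svg">'
            f'<text x="5" y="15">{label}</text></svg>')

# Constructed team output that closes <text> and opens a <script> element.
TEAM_OUTPUT = "42</text><script>/* constructed */</script><text>"

if __name__ == "__main__":
    print(svg_findings(render(TEAM_OUTPUT, escape_text=False)))
    print(svg_findings(render(TEAM_OUTPUT, escape_text=True)))
```

The unescaped render is flagged because the team's text becomes a real `<script>` element, while the escaped render parses as plain label text and passes.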
