"uploaded-script-svg": "Found scriptable element \"$1\" in the uploaded SVG file.",
"uploaded-hostile-svg": "Found unsafe CSS in the style element of uploaded SVG file.",
"uploaded-event-handler-on-svg": "Setting event-handler attributes <code>$1=\"$2\"</code> is not allowed in SVG files.",
- "uploaded-href-attribute-svg": "href attributes <code><$1 $2=\"$3\"></code> with non-local target (e.g. http://, javascript:, etc) are not allowed in SVG files.",
- "uploaded-href-unsafe-target-svg": "Found href to unsafe target <code><$1 $2=\"$3\"></code> in the uploaded SVG file.",
+ "uploaded-href-attribute-svg": "href attributes in SVG files are only allowed to link to http:// or https:// targets, found <code><$1 $2=\"$3\"></code>.",
+ "uploaded-href-unsafe-target-svg": "Found href to unsafe data: URI target <code><$1 $2=\"$3\"></code> in the uploaded SVG file.",
"uploaded-animate-svg": "Found \"animate\" tag that might be changing href, using the \"from\" attribute <code><$1 $2=\"$3\"></code> in the uploaded SVG file.",
"uploaded-setting-event-handler-svg": "Setting event-handler attributes is blocked, found <code><$1 $2=\"$3\"></code> in the uploaded SVG file.",
"uploaded-setting-href-svg": "Using the \"set\" tag to add \"href\" attribute to parent element is blocked.",