Simon Willison’s Weblog

Subscribe

Saturday, 26th October 2024

ChatGPT advanced voice mode can attempt Spanish with a Russian accent. ChatGPT advanced voice mode may refuse to sing (unless you jailbreak it) but it's quite happy to attempt different accents. I've been having a lot of fun with that:

I need you to pretend to be a California brown pelican with a very thick Russian accent, but you talk to me exclusively in Spanish

¡Oye, camarada! Aquí está tu pelícano californiano con acento ruso. ¿Qué tal, tovarish? ¿Listo para charlar en español?

How was your day today?

¡Mi día ha sido volando sobre las olas, buscando peces y disfrutando del sol californiano! ¿Y tú, amigo, cómo ha estado tu día?

# 7:21 pm / openai, generative-ai, text-to-speech, chatgpt, ai, llms

LLM Pictionary. Inspired by my SVG pelicans on a bicycle, Paul Calcraft built this brilliant system where different vision LLMs can play Pictionary with each other, taking it in turns to progressively draw SVGs while the other models see if they can guess what the image represents.

# 8:19 pm / vision-llms, svg, generative-ai, ai, llms

Mastodon discussion about sandboxing SVG data. I asked this on Mastodon and got some really useful replies:

How hard is it to process untrusted SVG data to strip out any potentially harmful tags or attributes (like stuff that might execute JavaScript)?

The winner for me turned out to be the humble <img src=""> tag. SVG images that are rendered in an image have all dynamic functionality - including embedded JavaScript - disabled by default, and that's something that's directly included in the spec:

2.2.6. Secure static mode

This processing mode is intended for circumstances where an SVG document is to be used as a non-animated image that is not allowed to resolve external references, and which is not intended to be used as an interactive document. This mode might be used where image support has traditionally been limited to non-animated raster images (such as JPEG and PNG.)

[...]

'image' references

An SVG embedded within an 'image' element must be processed in secure animated mode if the embedding document supports declarative animation, or in secure static mode otherwise.

The same processing modes are expected to be used for other cases where SVG is used in place of a raster image, such as an HTML 'img' element or in any CSS property that takes an data type. This is consistent with HTML's requirement that image sources must reference "a non-interactive, optionally animated, image resource that is neither paged nor scripted" [HTML]

This also works for SVG data that's presented in a <img src="data:image/svg+xml;base64,... attribute. I had Claude help spin me up this interactive demo:

Build me an artifact - just HTML, no JavaScript - which demonstrates embedding some SVG files using img src= base64 URIs

I want three SVGs - one of the sun, one of a pelican and one that includes some tricky javascript things which I hope the img src= tag will ignore

Screenshot of SVG demo page showing three examples: "Simple Sun SVG" with a yellow circular sun and rays, "Pelican SVG" with a gray stylized bird shape, and "SVG with JavaScript (ignored)" showing a coral-colored square with text "JS Ignored". Page titled "SVG Base64 Embedding Demo". Each example includes descriptive text explaining its purpose.

If you right click and "open in a new tab" on the JavaScript-embedding SVG that script will execute, showing an alert. You can click the image to see another alert showing location.href and document.cookie which should confirm that the base64 image is not treated as having the same origin as the page itself.

# 8:51 pm / svg, mastodon, ai-assisted-programming, security, sandboxing

As an independent writer and publisher, I am the legal team. I am the fact-checking department. I am the editorial staff. I am the one responsible for triple-checking every single statement I make in the type of original reporting that I know carries a serious risk of baseless but ruinously expensive litigation regularly used to silence journalists, critics, and whistleblowers. I am the one deciding if that risk is worth taking, or if I should just shut up and write about something less risky.

Molly White

# 10:07 pm / law, molly-white, blogging, journalism