Comment 10 for bug 1002439

A security engineer for the Wikimedia Foundation got back to me today, and I hope he won't mind me adding part of his reply:

> I was able to reproduce your work with Inkscape, and I agree, this is
>something that Inkscape should fix. I tested a number of other viewers,
> and none showed similar behavior.

He says he'll look into filtering out entities on the server side, since Wikipedia publishes a lot of SVG images, and Inkscape is likely to be popular amongst contributors.