What's the difference between xdomain-svg-editor and svg-editor?

[Sergey-Ryabov]

Could you explain conceptual differences?
I downloaded svgedit and tried it out. Version from editor/svg-editor.html works good, but xdomain-svg-editor.html doesn't work.
Which files should I remove if I want use only svg-editor.html? Is there some some guide for it?

[brettz9]

The cross-domain editor allows, when the editor/extensions/ext-xdomain-messaging.js is in use, other websites to be able to control the editor.

The xdomain-svg-editor.html should probably never be used as is, since its config allows any origin to control it, but it demonstrates how one can permit other origins (e.g., those under one's control or trusted, or subject to user control) to control the editor. (Its use shouldn't impact svg-editor.html-created content though as its config defaults to pointing to a different storage namespace.)

You can see the differences more precisely by looking at the config differences in their uncompiled JS entrance files:

• editor/xdomain-svgedit-config-es.js
• svgedit-config-es.js

The distinct aspect is the allowedOrigins config. Searching the source files, there is this explanation:

Used by ext-xdomain-messaging.js to indicate which origins are permitted for cross-domain messaging (e.g., between the embedded editor and main editor code). Besides explicit domains, one might add '*' to allow all domains (not recommended for privacy/data integrity of your user's content!), window.location.origin for allowing the same origin (should be safe if you trust all apps on your domain), 'null' to allow file:/// URL usage

While you can remove other HTML files, there is no guide for which files are needed beyond looking at what files the HTML includes (and if using the ESM editors--modern browsers only--what files its JavaScript imports).

As far as an error in using the xdomain editor, it is always helpful to know if you are getting a browser console error.