Additional example svgs that are fine

Question

Additional example svgs that are fine

spand opened this issue 4 years ago · comments

spand commented 4 years ago

First is pretty simple
https://static.hltv.org/images/team/logo/7533

Second is quite an abomination but 🤷‍♂️
https://www.ence.gg/static/ence-logo-36cd4ceaf070fea48f966b446d2838de.svg

Bartosz Gałek · Answer 1 · Tue Aug 25 2020 17:43:12 GMT+0800 (China Standard Time)

hi @spand! Sure, we can add them to tests sources!
Do You want me to make PR or maybe You want to contribute? :)

Bartosz Gałek · Answer 2 · Tue Aug 25 2020 17:53:50 GMT+0800 (China Standard Time)

@spand are those graphic royalty free? I don't want to have any images-right issues ;)

spand · Answer 3 · Tue Aug 25 2020 18:48:05 GMT+0800 (China Standard Time)

They are trademarks so I am not sure if they are subject to any issues.

Bartosz Gałek · Answer 4 · Tue Aug 25 2020 19:10:18 GMT+0800 (China Standard Time)

Ok, I'll add them today ;)

Bartosz Gałek · Answer 5 · Tue Aug 25 2020 21:07:13 GMT+0800 (China Standard Time)

@spand it won't be as easy as i thought :( first image uses deprecated svg filter: https://developer.mozilla.org/en-US/docs/Web/SVG/Attribute/enable-background. I see three options:

add option to enable custom parameters/attributes (i think it could lead to security issues)
user of the library could ignore some of found errors
create some additional rules and validate enable-background property

Is this crucial for you that theese images pass validations?

spand · Answer 6 · Wed Aug 26 2020 16:09:17 GMT+0800 (China Standard Time)

Thanks for taking a look.

In a sense yes but maybe you are aiming for a different level of "validity" than my task requires so I will not ask you to implement this. I just need to check if its a harmful svg or not. I would not particularly care how broken an svg it is.

Bartosz Gałek · Answer 7 · Wed Aug 26 2020 16:35:40 GMT+0800 (China Standard Time)

@spand I agree with you. This library purpose should be focused on security only. If you give me few days I would be happy to help you out and add support for provided use cases. What do You think about it? :)

spand · Answer 8 · Wed Aug 26 2020 16:41:37 GMT+0800 (China Standard Time)

That would be nice !

Bartosz Gałek · Answer 9 · Wed Aug 26 2020 16:44:00 GMT+0800 (China Standard Time)

@spand I'll do my best to create a PR as fast as possible ;)

Bartosz Gałek · Answer 10 · Thu Aug 27 2020 05:24:00 GMT+0800 (China Standard Time)

@spand https://github.com/bgalek/safe-svg/pull/5/files I've added your examples, and created an easy way for this library to cover upcoming unusal properties ;)

Bartosz Gałek · Answer 11 · Thu Aug 27 2020 05:37:33 GMT+0800 (China Standard Time)

@spand just released 1.1.1 It will be available in few hours ;)

spand · Answer 12 · Thu Aug 27 2020 13:54:00 GMT+0800 (China Standard Time)

👍 I will try to see how it works with the rest of our collection of logos.

Bartosz Gałek · Answer 13 · Thu Aug 27 2020 14:00:51 GMT+0800 (China Standard Time)

Please do! I'll be more than happy to help :)

spand · Answer 14 · Thu Aug 27 2020 18:42:49 GMT+0800 (China Standard Time)

https://static.hltv.org/images/team/logo/10150
https://static.hltv.org/images/team/logo/10386
https://static.hltv.org/images/team/logo/10419
https://static.hltv.org/images/team/logo/10419
https://static.hltv.org/images/team/logo/10738
https://static.hltv.org/images/team/logo/2721
https://static.hltv.org/images/team/logo/9797

And then there are these with xml from another namespace. Not sure if this can be considered always safe or not ? My guess would be yes but I guess this is where it shows its not an XML validator you are using.
https://static.hltv.org/images/team/logo/4475
https://static.hltv.org/images/team/logo/4869
https://static.hltv.org/images/team/logo/9263

Bartosz Gałek · Answer 15 · Thu Aug 27 2020 18:52:08 GMT+0800 (China Standard Time)

maybe optimizing/normalization of svg would help with your examples?
https://jakearchibald.github.io/svgomg/ ?