Additional example svgs that are fine
spand opened this issue · comments
First is pretty simple
https://static.hltv.org/images/team/logo/7533
Second is quite an abomination but 🤷♂️
https://www.ence.gg/static/ence-logo-36cd4ceaf070fea48f966b446d2838de.svg
hi @spand! Sure, we can add them to tests sources!
Do You want me to make PR or maybe You want to contribute? :)
@spand are those graphic royalty free? I don't want to have any images-right issues ;)
They are trademarks so I am not sure if they are subject to any issues.
Ok, I'll add them today ;)
@spand it won't be as easy as i thought :( first image uses deprecated svg filter: https://developer.mozilla.org/en-US/docs/Web/SVG/Attribute/enable-background. I see three options:
- add option to enable custom parameters/attributes (i think it could lead to security issues)
- user of the library could ignore some of found errors
- create some additional rules and validate enable-background property
Is this crucial for you that theese images pass validations?
Thanks for taking a look.
In a sense yes but maybe you are aiming for a different level of "validity" than my task requires so I will not ask you to implement this. I just need to check if its a harmful svg or not. I would not particularly care how broken an svg it is.
@spand I agree with you. This library purpose should be focused on security only. If you give me few days I would be happy to help you out and add support for provided use cases. What do You think about it? :)
That would be nice !
@spand I'll do my best to create a PR as fast as possible ;)
@spand https://github.com/bgalek/safe-svg/pull/5/files I've added your examples, and created an easy way for this library to cover upcoming unusal properties ;)
@spand just released 1.1.1 It will be available in few hours ;)
👍 I will try to see how it works with the rest of our collection of logos.
https://static.hltv.org/images/team/logo/10150
https://static.hltv.org/images/team/logo/10386
https://static.hltv.org/images/team/logo/10419
https://static.hltv.org/images/team/logo/10419
https://static.hltv.org/images/team/logo/10738
https://static.hltv.org/images/team/logo/2721
https://static.hltv.org/images/team/logo/9797
And then there are these with xml from another namespace. Not sure if this can be considered always safe or not ? My guess would be yes but I guess this is where it shows its not an XML validator you are using.
https://static.hltv.org/images/team/logo/4475
https://static.hltv.org/images/team/logo/4869
https://static.hltv.org/images/team/logo/9263
maybe optimizing/normalization of svg would help with your examples?
https://jakearchibald.github.io/svgomg/ ?