Don't inject dynamic values in SVG

Question

Don't inject dynamic values in SVG

Closed this issue 6 years ago · 0 comments

The code shouldn't be vulnerable to SVG injection because the only external data that I insert are colors, and I sanitize them. However, this approach is fragile, scales poorly if I want to insert other values (like font styles in #13), and is bad practice. I should use DOM instead.