darylldoyle/svg-sanitizer

Issues

• Whitelist attribute xml:space not recognised

  #64 opened 3 years ago by Bersman
  4

• Incorrect W3C namespace in XML is allowed

  #93 opened a year ago by miicah
  1

• Escaped css selector names in SVGs break the parser

  #91 opened a year ago by Watercycle
  1

• Sanitizer::removeRemoteReferences doesn't remove remote images

  #94 opened a year ago by irauta
  2

• Support PHP 8.4

  #109 opened 3 months ago by lolli42
  0

• ,

  #106 opened 3 months ago by wpexpress
  1

• Is it possible to preserve white spaces?

  #107 opened 5 months ago by mrmacete
  0

• [Question/Feature] make Sanitizer aware of currently processes tags and have a list of allowed attributes per element

  #105 opened 5 months ago by medarob
  0

• Is it possible to add 'animate' and 'set' to allowed Tags?

  #103 opened 5 months ago by m-kappenberg
  3

• Valid attributes for animations are removed

  #85 opened 5 months ago by BluechipZellAmSee
  3

• Using this library with GPLv3 project

  #100 opened 9 months ago by devishke-orange
  1

• SVG files greater than 10Mb won't be sanitized

  #96 opened 9 months ago by dkotter
  2

• Compatibility with PHP 8.3

  #97 opened 9 months ago by marchukvitaliy
  1

• API method for validating if an existing SVG is safe

  #95 opened a year ago by davereid
  0

• Requesting more details on GHSA-xrqq-wqh4-5hg2 (CVE-2023-28426)

  #88 opened a year ago by ohader
  10

• Requesting more details on GHSA-fqx8-v33p-4qcc (CVE-2022-23638)

  #71 opened 2 years ago by ohader
  1

• [ask] it's possible to use on php 5.6 ?

  #80 opened 2 years ago by derryberni
  3

• Why are HTML and MathML elements allowed?

  #74 opened 2 years ago by zcorpan
  1

• suspicious node svg

  #82 opened 2 years ago by brianteeman
  0

• Safelist to allow image elements in href attributes for SVGs

  #49 opened 4 years ago by rebeccahum
  3

• Using library as SVG validator

  #78 opened 3 years ago by frank-miller9
  0

• Removing DOCTYPE breaks entities

  #30 opened 5 years ago by alex40724
  3

• CDATA section is removed

  #70 opened 3 years ago by jkanape
  1

• Convert standalone scanner to be proper Symfony console application

  #58 opened 3 years ago by ohader
  0

• Allow attributes that Adobe Illustrator export makes

  #63 opened 3 years ago by Bersman
  2

• Add filterUnits to allowed attributes

  #40 opened 3 years ago by joshuabaker
  0

• Check/Remove unused id-attributes

  #67 opened 3 years ago by xerc
  5

• libxml_disable_entity_loader is deprecated

  #66 opened 3 years ago by letharion
  1

• suggestion/ remove first line; <?xml

  #51 opened 3 years ago by xerc
  3

• Demo website not using https

  #48 opened 3 years ago by tackc
  1

• Remove doctype node after node elements have been analyzed

  #52 opened 3 years ago by ohader
  0

• Add GitHub actions

  #54 opened 3 years ago by ohader
  0

• Standalone scanning of files via CLI throwns Uncaught Error: Class with XPath

  #43 opened 3 years ago by 30129071
  1

• Check out mask-type attribute

  #27 opened 6 years ago by darylldoyle
  1

• Support PHP 8

  #46 opened 3 years ago by angrybrad
  1

• Change the license type to MIT or to Apache 2.0 or to the double license GPL v2 + MIT or GPL v2 + Apache 2

  #56 opened 3 years ago by redikultsevsilver
  3

• Empty hrefs filling up the log

  #39 opened 4 years ago by mwittstrom
  1

• "Cannot add self usage" error

  #35 opened 5 years ago by angrybrad
  2

• SVG emptied on sanitize

  #37 opened 5 years ago by AndrassGray
  4

• Stripping out <animate> tag

  #26 opened 5 years ago by cr0ybot
  2

• XSS bypass using entities and tab

  #31 opened 5 years ago by dinhbaouit
  10

• Update some related reference

  #33 opened 5 years ago by tsug0d
  1

• Create new release tag for xss fix

  #32 opened 5 years ago by larowlan
  2

• Possible race condition leading to XXE in SVG parser?

  #29 opened 5 years ago by gquere
  3

• Question: why not to use kses?

  #23 opened 6 years ago by markkap
  2

• "HTTP error" message when uploading

  #22 opened 6 years ago by richb-hanover
  2

• Q: Are you aware of things this library does not catch?

  #19 opened 6 years ago by tomjn
  2

• A project utilising svg-sanitizer is violating your license

  #20 opened 6 years ago by russelg
  1

• `<use...>` shouldn't be removed

  #16 opened 7 years ago by kent1D
  1

• SVG sanitizing strips out ARIA attributes

  #13 opened 7 years ago by darylldoyle
  0