Update SVG sanitizer to conform to SVG 1.1
Original SVG sanitizer would strip out necessary elements and attributes.
Use a custom Loofah scrubber since sanitize 2.x transformers are inadequate to handle case-sensitive SVG attributes since they parse documents as HTML instead of XML, which causes all SVG attribute names (e.g. viewBox
) to be downcased.
- SVG element list: https://www.w3.org/TR/SVG/eltindex.html
- SVG attribute list: https://www.w3.org/TR/SVG/attindex.html
Closes #14555 (closed)