Skip to content

Improve SVG sanitizer to handle namespaced attributes

Gabriel Mazetto requested to merge bug/svg_sanitizer into master

What does this MR do?

  • Small refactor in the SVG sanitizer
  • Enable already whitelisted namespaced attributes to be allowed
  • Disable xlink:hrefto reference any external resource

Fixes #18100 (closed) cc @stanhu

Are there points in the code the reviewer needs to double check?

Old code had no tests, this one adds minimal specs.

What are the relevant issue numbers?

Screenshots (if relevant)

Before:

before

After:

after

Merge request reports

Loading