Check if a string or buffer is SVG
License: MIT License
Check if a string is SVG
npm install is-svgimport isSvg from 'is-svg';
isSvg('<svg xmlns="http://www.w3.org/2000/svg"><path fill="#00CD9F"/></svg>');
//=> true
C:\Users\xmr\Desktop\foo>node -v && npm -v
v10.13.0
6.4.1
C:\Users\xmr\Desktop\foo>npm ls is-svg
[email protected] C:\Users\xmr\Desktop\foo
`-- [email protected]
`-- [email protected]
`-- [email protected]
[09:45:14] TypeError: buf.charCodeAt is not a function
at isBinary (C:\Users\xmr\Desktop\foo\node_modules\is-svg\index.js:8:41)
at module.exports.input (C:\Users\xmr\Desktop\foo\node_modules\is-svg\index.js:20:46)
at Function.buffer [as svgo] (C:\Users\xmr\Desktop\foo\node_modules\imagemin-svgo\index.js:8:7)
at gulp.task (C:\Users\xmr\Desktop\foo\gulp\tasks\production\optimize-images.js:15:22)
at taskWrapper (C:\Users\xmr\Desktop\foo\node_modules\undertaker\lib\set-task.js:13:15)
at tempTask (C:\Users\xmr\Desktop\foo\node_modules\undertaker-forward-reference\index.js:13:17)
at bound (domain.js:396:14)
at runBound (domain.js:409:12)
at asyncRunner (C:\Users\xmr\Desktop\foo\node_modules\async-done\index.js:55:18)
at process._tickCallback (internal/process/next_tick.js:61:11)
This worked with the previous version so I'm trying to pinpoint the cause.
/CC @sindresorhus for ideas
const isSvg = require("is-svg")
// svg from 'https://upload.wikimedia.org/wikipedia/commons/0/0e/Biochem_reaction_arrow_forward_NNNN_horiz_med.svg'
const svg = `
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<svg
xmlns="http://www.w3.org/2000/svg"
width="75"
height="75"
version="1.1"
><g>
<path
style="fill:#000000;stroke:none"
d="m 67,34.5 0,2 -67,0 0,2 67,0 0,2 8,-3 -8,-3 z"
/></g>
</svg>
`
isSvg(svg) // false but should be trueline breaks are the problem I think.
Good day!
Currently I can not build my frontend app because create-react-app fails to minify ./node_modules/is-svg/index.js:7 .
For what it's worth, I'm gona copy and paste this code straight to my /src and resolve issue in that way, but I thought you ought to know.
is-svg returns false for the following svg:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN"
"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"
[ <!ENTITY Smile "
<rect x='.5' y='.5' width='29' height='39' fill='black' stroke='red'/>
<g transform='translate(0, 5)'>
<circle cx='15' cy='15' r='10' fill='yellow'/>
<circle cx='12' cy='12' r='1.5' fill='black'/>
<circle cx='17' cy='12' r='1.5' fill='black'/>
<path d='M 10 19 A 8 8 0 0 0 20 19' stroke='black' stroke-width='2'/>
</g>
">
<!ENTITY Viewport1 "<rect x='.5' y='.5' width='49' height='29'
fill='none' stroke='blue'/>">
<!ENTITY Viewport2 "<rect x='.5' y='.5' width='29' height='59'
fill='none' stroke='blue'/>">
]>
<svg width="850px" height="700px" version="1.1"
xmlns="http://www.w3.org/2000/svg">
<g transform="matrix(16,0,0,16,0,0)">
&Smile;
</g>
</svg>
It's a SVG I took from the internet, can you tell me why this is an invalid SVG?
Please update the dependency on ava to 4.x
If your Doctype declaration contains a markup declaration is-svg fails.
I know that this package only does a quick-and-dirty check and you'd might call this an ignorable edge-case. The problem is that the default export from at least Illustrator CS4 (I know, old, but probably still not that rare) creates this...
<?xml version="1.0" encoding="utf-8"?>
<!-- Generator: Adobe Illustrator 14.0.0, SVG Export Plug-In -->
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd" [
<!ENTITY ns_flows "http://ns.adobe.com/Flows/1.0/">
]>
<svg version="1.1"
xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:a="http://ns.adobe.com/AdobeSVGViewerExtensions/3.0/"
x="0px" y="0px" width="300px" height="300px" viewBox="-62.324 -49.991 300 300" enable-background="new -62.324 -49.991 300 300"
xml:space="preserve">
<defs>
</defs>
<rect x="0.5" y="0.5" fill="#FFFFFF" stroke="#000000" width="171.383" height="171.383"/>
</svg>
... where <!ENTITY ns_flows "http://ns.adobe.com/Flows/1.0/"> makes is-svg fail
I noticed this because this makes imagemin-svgo ignore those files.
I realize that you would need to have the entire SVG string to know if it is a valid SVG file, but as the readme says, this is meant to be more of a quick and dirty check than a full validation.
The API could be similar to the file-type.stream() function although it would be hard to know how many bytes of the stream to consume before testing.
Thoughts?
This file fails for me: fail.svg.zip
Example:
<svg xmlns="http://www.w3.org/2000/svg"
width="100%" height="100%" viewBox="0 0 400 400"
direction="rtl" xml:lang="fa">
<title direction="ltr" xml:lang="en">Right-to-left Text</title>
<desc direction="ltr" xml:lang="en">
A simple example for using the 'direction' property in documents
that predominantly use right-to-left languages.
</desc>
<text x="200" y="200" font-size="20">داستان SVG 1.1 SE طولا ني است.</text>
</svg>import isSvg from 'is-svg';
isSvg('<svg/>');but this works
const isSvg = require('is-svg');Hi and thanks a lot for this useful module!
I have a case where using is-svg is very very slow, maybe infinite.
It's not an SVG file, it's a JS. Here is a gist. I truncated the JS file to keep only the specific part that causes the problem. (It's not a valid script anymore, but that's not the problem.)
The problem seems to be in the html comments removal:
buf.toString().replace(htmlCommentRegex, '')I suppose it's a problem with the regexp, as I've already had some problems with infinite regexp on V8 in the past. I tested against Node 4.1.2 and 6.3.0.
Maybe a temporary fix would be to start testing against a very minimalist regexp (such as /<svg/) before removing the comments.
A vulnerability was discovered in IS-SVG version 4.3.1 and below where a Regular Expression Denial of Service (ReDOS) occurs if the application is provided and checks a crafted invalid SVG string.
Source: https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-29059
I'm not an expert in this kind of vulnerabilities, but I've recognized the warnings coming up and wanted to let you know as I've recognized that this topic hasn't been mentioned and/or discussed here.
This example would fail:
<!-- Generator: Some Graphic Design Software -->
<svg version="1.1">
</svg>
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.