Comments (3)
The svg is valid, according to W3C standards. The issue has to do with the regex being used:
/^\s*(?:<\?xml[^>]*>\s*)?(?:<!doctype svg[^>]*\s*(?:\[?(?:\s*<![^>]*>\s*)*\]?)*[^>]*>\s*)?(?:<svg[^>]*>[^]*<\/svg>|<svg[^/>]*\/\s*>)\s*$/i
As it is, due to this part of the expression: \[?(?:\s*<![^>]*>\s*)*\]
it does not allow for markup to be included in an Entity's internal subset. If you remove them, isSvg() returns true
.
To fix this we could simply remove >
has a forbidden character to occur inside the square brackets of the doctype tag (with the end expression being: /^\s*(?:<\?xml[^>]*>\s*)?(?:<!doctype svg[^>]*\s*(?:\[?(?:\s*<![^]*>\s*)*\]?)*[^>]*>\s*)?(?:<svg[^>]*>[^]*<\/svg>|<svg[^/>]*\/\s*>)\s*$/i
Or update the regex to allow for markup. I tried to come up with something. but allowing for markup would mean we would need to allow for pretty much anything. So I went with allowing any content to be added when inside double quotes. Like so:
/^\s*(?:<\?xml[^>]*>\s*)?(?:<!doctype svg[^>]*\s*(?:\[?(?:\s*<!\s*[^]*(?:\"[^]*\")*\s*>\s*)*\]?)*[^>]*>\s*)?(?:<svg[^>]*>[^]*<\/svg>|<svg[^/>]*\/\s*>)\s*$/i
But this would make the function even dirtier as it would allow for any type of scrap to happen inside the doctype tag. Are any of these solutions viable? Any ideas? I can open a PR and address this.
from is-svg.
@eluisfonseca How about a regex that strips out markup (or just everything) from inside the entity before running the detection?
from is-svg.
Good idea. So we'll do no check of the entity's content and just remove it and then just validate the what is left. I'll look into it.
from is-svg.
Related Issues (15)
- Very long (inifinite?) response time HOT 7
- Fails on markup declarations in Doctype declaration
- Doesn't support non english characters in text node HOT 1
- Detection fails on some files
- Detections fails on SVGs with comments HOT 1
- publishing pre-compiled package HOT 2
- Syntax error on IE11 HOT 1
- TypeError: buf.charCodeAt is not a function HOT 1
- Support detection of a stream? HOT 2
- "export 'default' (imported as 'isSvg') was not found in 'is-svg' HOT 3
- A vulnerability has been reported: CVE-2021-29059 HOT 6
- False negativ
- Update ava build dependency to latest version HOT 2
- Getting error for import with es6 and commonjs both HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from is-svg.