Class: SvgSentinel::Sanitizer

Inherits:
Object
  • Object
show all
Includes:
Rules
Defined in:
lib/svg_sentinel/sanitizer.rb

Overview

Rewrites an SVG into a safe one, using the same allowlist and scheme rules the Scanner reports against (both mix in Rules, so they cannot disagree).

It removes what it can fix - scripting and foreign elements, event-handler and dangerous-URI attributes, and dangerous CSS - and returns the cleaned SVG as a String. When the input carries a structural threat that cannot be rewritten safely (a DTD, a use bomb, oversize or malformed input, a non- root), it returns nil: the caller must reject, not serve.

Removal, not repair, is the rule for CSS: a