Class: SvgSentinel::Sanitizer
- Inherits:
-
Object
- Object
- SvgSentinel::Sanitizer
- Includes:
- Rules
- Defined in:
- lib/svg_sentinel/sanitizer.rb
Overview
Rewrites an SVG into a safe one, using the same allowlist and scheme rules the Scanner reports against (both mix in Rules, so they cannot disagree).
It removes what it can fix - scripting and foreign elements, event-handler and dangerous-URI attributes, and dangerous CSS - and returns the cleaned SVG as a String. When the input carries a structural threat that cannot be rewritten safely (a DTD, a use bomb, oversize or malformed input, a non-
Removal, not repair, is the rule for CSS: a