You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
So, maybe it's possible to add a proper structured parsing and make the Sanitizer aware of the currently processed element and have a list of allowed attributes per element?
For now I patched it in the global list which allows the to attribute for all tags.
The text was updated successfully, but these errors were encountered:
It seems that the Sanitizer checks/allows all attributes for every tag, no matter if the attribute will be used for this tag or not.
This is why the
to
attribute is not allowed because it can be a security issue for certain tags.However, the
to
attribute seems to be not problematic for the<animateTransform>
tag, so it should be allowed in this context.#85 (comment)
Using TYPO3, the approach described in the comment seems to be not possible (so I was told) because of:
https://github.com/TYPO3/typo3/blob/f086b0dff39786f3f2825c7f3a7275f88726020a/typo3/sysext/core/Classes/Resource/Security/SvgSanitizer.php#L50-L52
So, maybe it's possible to add a proper structured parsing and make the Sanitizer aware of the currently processed element and have a list of allowed attributes per element?
For now I patched it in the global list which allows the
to
attribute for all tags.The text was updated successfully, but these errors were encountered: