py-svg-hush is a Python package for sanitizing SVG files using the svg-hush Rust library.
py-svg-hush requires Python 3.7 or later. You can install it using pip:
pip install py-svg-hush
from py_svg_hush import filter_svg
svg_bytes = b"""
<svg xmlns="http://www.w3.org/2000/svg">
<script>alert('Malicious script')</script>
</svg>
"""
keep_data_url_mime_types = {
"image": ["jpeg", "png", "gif"],
}
sanitized_svg = filter_svg(svg_bytes, keep_data_url_mime_types)
The filter_svg
function sanitizes SVG data by removing potentially malicious elements and attributes, as well as restricting the allowed MIME types of data: URLs in the SVG. It is a simple wrapper around the underlying Rust function.
svg (bytes)
: The SVG data to be filtered.keep_data_url_mime_types (Optional[Dict[str, List[str]]])
: A dictionary that maps MIME types to lists of allowed subtypes for data: URLs in the SVG. If a data: URL's MIME type and subtype are not in the dictionary it will be dropped. If this parameter is None, all data: URLs are dropped.
(bytes)
: The sanitized SVG data.
ValueError
: If there is an error processing the SVG data.TypeError
: If any of the arguments are of the wrong type.
To set up a development environment for py-svg-hush, you can use the following steps:
Clone the repository:
git clone git@github.com:jams2/py-svg-hush.git
Install development dependencies:
pip install .[dev,testing]
Build the Rust library, resulting in a Python module:
maturin develop
Run tests:
pytest