User:JoKalliauer/IllegalSVGPattern
Jump to navigation
Jump to search
The following patters are not allowed
namespaces
[edit]relevant part
[edit]xmlns:d="http://www.w3.org/2000/02/svg/testsuite/description/"
xmlns="http://www.w3.org/1999/xhtml"
xmlns="http://www.example.org/notsvg"
xmlns="http://example.org/notsvg"
xmlns:bd="http://example.org/ExampleBusinessData"
examples
[edit]
<d:SVGTestCase xmlns:d="http://www.w3.org/2000/02/svg/testsuite/description/"
template-version="1.4" reviewer="CN" author="VH" status="accepted"
version="$Revision: 1.7 $" testname="$RCSfile: animate-elem-39-t.svg,v $">
<d:testDescription xmlns="http://www.w3.org/1999/xhtml" href="http://www.w3.org/TR/SVG11/animate.html#Animation">
<s:g xmlns="http://www.example.org/notsvg" xmlns:s="http://www.w3.org/2000/svg">
<s:circle cx="240" cy="180" r="130" fill="#FF6"/>
<circle cx="240" cy="180" r="150" fill="#369"/>
</s:g>
<a xmlns="http://example.org/notsvg" xmlns:xlink="http://example.org/notxlink" xlink:href="../images/linkingToc-t.svg">Invalid</a>
<g xmlns:bd="http://example.org/ExampleBusinessData" xmlns="http://www.w3.org/2000/svg">
automatic Workaround
[edit]sed -ri "s/ <d:SVGTestCase xmlns:d=\"https:\/\/backend.710302.xyz:443\/http\/www.w3.org\/2000\/02\/svg\/testsuite\/description\/\"/ <d:SVGTestCase xmlns:d=\"https:\/\/backend.710302.xyz:443\/http\/www.w3.org\/2000\/svg\" xmlnsd=\"https:\/\/backend.710302.xyz:443\/http\/www.w3.org\/2000\/02\/svg\/testsuite\/description\/\"/" $file
sed -ri "s/ xmlns=\"https:\/\/backend.710302.xyz:443\/http\/www.w3.org\/1999\/xhtml\"/ xmlnsDeactivated=\"https:\/\/backend.710302.xyz:443\/http\/www.w3.org\/1999\/xhtml\"/" $file
sed -ri "s/ xmlns(|:bd)=\"http:\/\/(www.|)example.org\/[[[:alpha:]]*\"/ xmlns\1=\"https:\/\/backend.710302.xyz:443\/http\/www.inkscape.org\/namespaces\/inkscape\"/" $file
external content
[edit]relevant part
[edit]xlink:href="../resources/SVGFreeSans.svg#ascii"
xlink:href="animate-elem-09-t.svg"
xlink:href="url(#testPattern)"
<image xlink:href="http://example.org/image.jpg"/>
<d:testDescription href="http://www.w3.org/TR/SVG11/styling.html#StylingWithCSS">
<image xlink:href="data:image/svg+xml;base64,"/>
<feImage xlink:href="../images/image.png"/>
<image id="image1" x="8" y="8" width="64" height="64" xlink:href="data:;base64,
/9j/4AAQSkZJRgABAQIAGAAYAAD">
examples
[edit] <font-face-uri xlink:href="../resources/SVGFreeSans.svg#ascii"/>
<a xlink:href="animate-elem-09-t.svg" text-anchor="middle" font-size="30">
<use x="100" y="100" xlink:href="url(#testPattern)" />
<image id="i" xlink:href="http://example.org/image.jpg" width="1" height="1"/>
<d:testDescription xmlns="http://www.w3.org/1999/xhtml" href="http://www.w3.org/TR/SVG11/styling.html#StylingWithCSS">
<image xlink:href="data:image/svg+xml;base64,H4sICA/BlksCA3N0YXIuc3ZnAMVUwW7bMAw9d8D+QVAvLeDIkiha0mDn0A7oZcMO
Wz/Aa+zUgGsHttq0+/pRTtwkwLBuwIAhcPRIihT5RCofn9bsqam2V/1zwSWTTGfT
x9nzQ9uNBb8PYfMhTbfbrdiC6Id1qqWUKfnx5ft3jOWrqh4nRLhu2lANrFkV/Hv7
OPC9Plqqm/JxHJuyuyIDG8PqY/XUlKHpu4IrkfF0jpHugsxi23RVOdwM5aqpujCF
bteKs/Ve820ou7Huh4eCP5RhaJ4vQKDJtLOQSPodpIWzVmgrHUGPWhhvrLmkQlXB
wdM+q4zh7CWKTgqtPABZdRRRAJmRrCQaBULazLhDFrddE4isx7Eavm7Ku+pLdztW
fDlXP4Z+w+Lf4q5v+6Hg53Vd852mp/1NeCH2BQXs63qsAgmvhPyx+8FZTc5nZ3l6
yt7MaRTL9oTTIXJKkUELjd4hvFXbby5gIYWVkkh3iRaZMtZpopw4M2i0NQnZncqk
8okymROgVZYstEbhNRpPN3JHvQgS6AqM9iRSdaA0OTnLWX1qrI+NO8LPfkmY/Aty
5Rvk7jv1lMfdOKSv85CvWThwM8G2DNXFAoynZqNuJFKoJS1ljpfzrOSbMtwfO77V
1YhOKGk8Rct8JjJEE7ua7vQzAyIeaKA/Me19AggRUf+D1RPSCRgXEZIV3KyDycOZ
BCTOvjoi0KRTPiJFScCE9mf8oLuYJpdaZWgvzuMDcHkY639UFh3R7g+glv0/dZ7W
dJRRe8jIoErAWfIzBhN6aCJSNjEO2TXpdGK8ZsYqWpGh3K3XDGkqJg1ktBqGGHcq
8kZPeyBmh5IiYhYj7k+Zc8rTNa15fJ2XPwFubI+E2wUAAA==" width="200" height="200" x="130" y="70"/>
<filter id="filter1">
<feImage xlink:href="../images/image.png"/>
</filter>
<image id="image1" x="8" y="8" width="64" height="64" xlink:href="data:;base64,
/9j/4AAQSkZJRgABAQIAGAAYAAD/2wBDAAMCAgMCAgMDAwMEAwMEBQgFBQQEBQoHBwYIDAoMDAsK
<[.XXX.]>
Xq56p31CMg8UDxMZkIz3oTQaos1o1jd3GwbdQVWamp5uv//Z"/>
Error-Message
[edit]Found href to unsafe data: URI target <image http://www.w3.org/1999/xlink:href="data:image/svg+xml;base64, <[.XXX.]> "> in the uploaded SVG file.
<a> elements can only link (href) to data: (embedded file), http:// or https://, or fragment (#, same-document) targets. For other elements, such as <image>, only data: and fragment are allowed. Try embedding images when exporting your SVG. Found <image http://www.w3.org/1999/xlink:href=" <[.XXX.]> ">.
automatic Workaround
[edit]sed -ri "s/:href=(\"|')([[:lower:]\.]+)([-[:alnum:]\/\.#_:]*)(\"|')/href=\1\2\3\4/" $file
sed -ri "s/ xlink:href=\"url\(\#([[:alpha:]]*)\)\"/ xlink:href=\"\#\1\"/" $file
sed -ri "s/<(d:testDescription) ([[:alnum:]:\"=\/. ]*)href=\"([[htp\.\/]]*)/<\1 \2hrefDeactivated=\"\3/" $file
sed -ri "s/[[:blank:]]xlink:href=\"data:(image\/svg\+xml|);base64,/ xlink:href=\"data:image\/jpeg;base64,/" $file
set/animate
[edit]relevant part
[edit]<set attributeName="xlink:href"/>
<animate attributeName="xlink:href"/>
<set xlink:href='#s'/>
<set attributeName='xlink:href'/>
examples
[edit] <set attributeName="xlink:href" to="animate-elem-02-t.svg" begin="1s;showAnchor.end+1s" dur="1s"/>
<animate attributeName="xlink:href" to="#r2" begin="2s" dur="2s" fill="freeze"/>
<set xlink:href='#s' attributeName='xlink:href' to='../images/f.js' dur='100s'/>
automatic Workaround
[edit]sed -ri "s/<(animate|set)([[:alpha:]=\"':# ]*) attributeName=(\"|')xlink:href(\"|')/<\1\2 attributeName=\3xlinkDeactivated\4/" $file
sed -ri "s/<set([[:alpha:] =\"]*) xlink:href=/<set\1 xlinkDeactivated=/" $file
<style type="text/css">
[edit]relevant part
[edit]@import
url("../images/selector-types-visibility-hidden.css")
url(woffs/embeded-text-text-05.woff)
examples
[edit]
<style type="text/css"><![CDATA[
@import url("../images/selector-types-visibility-hidden.css");]]>
</style>
<style type="text/css">
@font-face {
font-family: embeded;
src: url(woffs/embeded-text-text-05.woff) format("woff");
}
</style>
<style id="style1">
@import "../images/green.css"
</style>
automatic Workaround
[edit]sed -ri "s/ @import / import /" $file
sed -ri "s/ url\(([[:lower:]\.\/\"]*)([-[:alnum:]\/\.#\"]*)\)/ urlDeactivated\(\1\2\)/" $file
script
[edit]relevant part
[edit]<script></script>
<script xmlns=""/>
examples
[edit]
<script type="text/ecmascript"><![CDATA[
function onMouseClick(evt) {
// Get Document
var target = evt.target;
var doc = target.ownerDocument;
// Make test result visible
var testPassed = doc.getElementById('testPassed');
testPassed.setAttribute('visibility', 'visible');
// Make target invisible
var target = doc.getElementById('target');
target.setAttribute('visibility', 'hidden');
}
]]></script>
<script><![CDATA[
var svg = document.documentElement,
g = document.getElementById('g'),
r1 = document.getElementById('r1'),
r2 = document.getElementById('r2'),
r3 = document.getElementById('r3');
var m1 = svg.createSVGMatrix(),
m2 = svg.createSVGMatrix(),
m3 = svg.createSVGMatrix();
var t;
m1.a = 3; m1.b = 0; m1.c = 0; m1.d = 1; m1.e = 0; m1.f = 0;
m2.a = 3; m2.b = 0; m2.c = 0; m2.d = 1; m2.e = 0; m2.f = 0;
m3.a = 3; m3.b = 0; m3.c = 0; m3.d = 1; m3.e = 0; m3.f = 0;
try {
t = g.transform.baseVal.createSVGTransformFromMatrix(m1);
m1.a = 2;
r1.setAttribute('fill', t.matrix != m1 && t.matrix.a == 3 ? 'lime' : 'red');
} catch (e) {
}
try {
t = svg.createSVGTransformFromMatrix(m2);
m2.a = 2;
r2.setAttribute('fill', t.matrix != m2 && t.matrix.a == 3 ? 'lime' : 'red');
} catch (e) {
}
try {
t = g.transform.baseVal.getItem(0);
t.setMatrix(m3);
m3.a = 2;
r3.setAttribute('fill', t.matrix != m3 && t.matrix.a == 3 ? 'lime' : 'red');
} catch (e) {
}
]]></script>
<script type="text/javascript"><![CDATA[
try
{
var testG = document.getElementById("testG");
var testRect1 = document.getElementById("testRect1");
var testRect2 = document.getElementById("testRect2");
testRect1.setAttribute("fill", "green");
testG.removeChild(testRect2);
}
catch(ex)
{
alert("ERROR: " + ex.message);
}]]>
</script>
automatic Workaround
[edit]sed -ri "s/<script/<Deactivatedscript/" $file
sed -ri "s/<\/script>/<\/Deactivatedscript>/" $file
on*
[edit]relevant part
[edit]onactivate=""
onbegin=""
onclick=""
onend=""
onfocusin=""
onfocusout=""
onload=""
onmousedown=""
onmousemove=""
onmouseout=""
onmouseover=""
onmouseup=""
example
[edit]
<svg version="1.1" baseProfile="basic" onload="domTest(evt)" id="svg-root"
width="100%" height="100%" viewBox="0 0 480 360"
xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
<g id="target" onclick="onMouseClick( evt )">
<set attributeName="in" to="passimg" begin="3s" fill="freeze" onbegin="runtest()"/>
<text x="20" y="90" onclick="bubbleNo(evt, 'red')" onmouseout="bubbleNo(evt, 'inherit')">
<circle id="on" cx="385" cy="65" r="10" fill-opacity="1" fill="#3c5" stroke="black" stroke-width="3" onmousedown="changePointerEvents('on')" />
<circle id="c10" cx="160" cy="350" r="100" fill-opacity="1" fill="#53f" stroke="black" pointer-events="all" onmouseover="changeFill('c10', '#F55')" onmouseout="changeFill('c10', '#53F')" />
<g id="target" onfocusin="onEvent(evt, 'onfocusin')" onfocusout="onEvent(evt, 'onfocusout')" onactivate="onEvent(evt, 'onactivate')">
<g id="target" onmousedown="onEvent(evt, 'onmousedown')" onmouseup="onEvent(evt, 'onmouseup')" onclick="onEvent(evt, 'onclick')">
<g id="target" onmouseover="onEvent(evt, 'onmouseover')" onmousemove="onEvent(evt, 'onmousemove')" onmouseout="onEvent(evt, 'onmouseout')">
<set attributeName='visibility' to='hidden' dur='1s' onend='g()'/>
automatic Workaround
[edit]sed -ri "s/[[:blank:]]on([[:lower:]]+)=(\"|')([[:alpha:]]+[[:alnum:]_,' \(\)\.#;]*)/ deactivatedon\1=\2\3/g" $file
XML-Parser
[edit]relevant part
[edit] <!ENTITY Smile "
<rect x='.5' y='.5' width='29' height='39' fill='black' stroke='orange' stroke-width='2'/>
<g transform='translate(0, 5)'>
<circle cx='15' cy='15' r='10' fill='yellow'/>
<circle cx='12' cy='12' r='1.5' fill='black'/>
<circle cx='17' cy='12' r='1.5' fill='black'/>
<path d='M 10 19 L 15 23 20 19' stroke='black' stroke-width='2'/>
</g>
">
<!ATTLIST bar id ID #REQUIRED>
examples
[edit]
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1 Basic//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11-basic.dtd" [
<!ENTITY Smile "
<rect x='.5' y='.5' width='29' height='39' fill='black' stroke='orange' stroke-width='2'/>
<g transform='translate(0, 5)'>
<circle cx='15' cy='15' r='10' fill='yellow'/>
<circle cx='12' cy='12' r='1.5' fill='black'/>
<circle cx='17' cy='12' r='1.5' fill='black'/>
<path d='M 10 19 L 15 23 20 19' stroke='black' stroke-width='2'/>
</g>
">
<!ENTITY Viewport1 "<rect x='.5' y='.5' width='49' height='29' fill='none' stroke='blue'/>">
<!ENTITY Viewport2 "<rect x='.5' y='.5' width='29' height='59' fill='none' stroke='blue'/>">
]>
<!DOCTYPE svg [
<!ATTLIST bar id ID #REQUIRED>
]>