mvdevsunion/WPetition
1
0
Fork 0
mirror of https://github.com/MvDevsUnion/WPetition.git synced 2026-02-01 20:40:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

fixed svg validation

Browse Source 
added debug endpoint to test svg errors
This commit is contained in:
fISHIE
2026-01-21 15:54:26 +05:00
parent 13614a18f7
commit 274af2f9ba
2 changed files with 12 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
Submission.Api/Controllers/DebugController.cs
View File

@@ -273,6 +273,17 @@ namespace Submission.Api.Controllers
}
}
[HttpPost("svg-debug", Name = "SvgDebug")]
public async Task<IActionResult> SVG_TEST([FromForm]string svg)
{
// SVG validation: reject bad/malicious SVGs before persisting
if (!Submission.Api.Services.SvgValidator.TryValidate(svg, out var svgError))
{
return BadRequest($"Invalid signature SVG: {svgError}");
}
return Ok("Valid SVG");
}
private (string frontmatter, string body) ParseMarkdownFile(string content)
{
var lines = content.Split('\n');

2
Submission.Api/Services/SvgValidator.cs
View File

@@ -19,7 +19,7 @@ namespace Submission.Api.Services
// Basic attribute whitelist (prefix-free) - attributes not listed are still allowed but checked for danger.
private static readonly HashSet<string> AllowedAttributes = new(StringComparer.OrdinalIgnoreCase)
{
"id","class","width","height","viewBox","fill","stroke","d","x","y","cx","cy","r","rx","ry","points",
"id","class","width","height","viewBox","fill","stroke","d","x","y","cx","cy","r","rx","ry","points","stroke-linecap","stroke-linejoin",
"transform","style","xmlns","xmlns:xlink","xlink:href","href","opacity","stroke-width","font-size","font-family"
};