From bfd0c47ef67b25b916e6fbde9d9f6e2d9c4e2cb6 Mon Sep 17 00:00:00 2001 From: Kyle D Date: Fri, 15 Jan 2021 02:38:41 -0700 Subject: [PATCH] Kd/fix allow svg doctype (#14344) * make svg regex case-insensitive & use strict word boundary * allow doctype svg * add doctype tests * allow and --- modules/base/tool.go | 4 ++-- modules/base/tool_test.go | 8 ++++++++ 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/modules/base/tool.go b/modules/base/tool.go index c497bee44..53339d644 100644 --- a/modules/base/tool.go +++ b/modules/base/tool.go @@ -35,8 +35,8 @@ const sniffLen = 512 // SVGMimeType MIME type of SVG images. const SVGMimeType = "image/svg+xml" -var svgTagRegex = regexp.MustCompile(`(?s)\A\s*(?:\s*)*\s*(?:\s*)*||>))\s*)*\/]`) +var svgTagInXMLRegex = regexp.MustCompile(`(?si)\A<\?xml\b.*?\?>\s*(?:(||>))\s*)*\/]`) // EncodeMD5 encodes string to md5 hex value. func EncodeMD5(str string) string { diff --git a/modules/base/tool_test.go b/modules/base/tool_test.go index cda1685da..a2a989b31 100644 --- a/modules/base/tool_test.go +++ b/modules/base/tool_test.go @@ -216,6 +216,9 @@ func TestIsSVGImageFile(t *testing.T) { assert.True(t, IsSVGImageFile([]byte(` `))) + assert.True(t, IsSVGImageFile([]byte(` + `))) assert.True(t, IsSVGImageFile([]byte(` `))) @@ -227,6 +230,11 @@ func TestIsSVGImageFile(t *testing.T) { `))) + assert.True(t, IsSVGImageFile([]byte(` + + + `))) assert.False(t, IsSVGImageFile([]byte{})) assert.False(t, IsSVGImageFile([]byte("svg"))) assert.False(t, IsSVGImageFile([]byte("")))