// html5sec SVG vectors
[
'<svg xmlns="http://www.w3.org/2000/svg"><script>alert(1)</script></svg>',
- true,
- true,
+ true, /* SVG is well formed */
+ true, /* Evil SVG detected */
'Script tag in svg (http://html5sec.org/#47)'
],
[
true,
false,
'DTD with aliased entities apos (Should be allowed)'
- ]
+ ],
+ [
+ '<svg xmlns="http://www.w3.org/2000/svg"><g filter="url( \'#foo\' )"></g></svg>',
+ true,
+ false,
+ 'SVG with local filter (T69044)'
+ ],
+ [
+ '<svg xmlns="http://www.w3.org/2000/svg"><g filter="url( http://example.com/#foo )"></g></svg>',
+ true,
+ true,
+ 'SVG with non-local filter (T69044)'
+ ],
+
];
// phpcs:enable
}