https://github.com/bgalek/safe-svg

Simple and lightweight library that helps to validate SVG files in security manners.
https://github.com/bgalek/safe-svg

hacktoberfest security svg xss xss-detection

Last synced: 4 months ago
JSON representation

Simple and lightweight library that helps to validate SVG files in security manners.

• Host: GitHub
• URL: https://github.com/bgalek/safe-svg
• Owner: bgalek
• License: apache-2.0
• Created: 2019-03-15T11:36:28.000Z (over 7 years ago)
• Default Branch: main
• Last Pushed: 2026-03-09T12:21:32.000Z (4 months ago)
• Last Synced: 2026-03-09T17:10:56.806Z (4 months ago)
• Topics: hacktoberfest, security, svg, xss, xss-detection
• Language: Java
• Homepage: https://detektywi.it/2019/03/bezpieczny-svg/
• Size: 437 KB
• Stars: 45
• Watchers: 2
• Forks: 8
• Open Issues: 3
• Metadata Files:
  • Readme: README.md
  • License: LICENSE
  • Security: SECURITY.md

Awesome Lists containing this project

README

          
# SVG SECURITY

> Simple and lightweight library that helps to validate SVG files in security manners.

[![Build](https://github.com/bgalek/safe-svg/actions/workflows/build.yml/badge.svg?branch=main)](https://github.com/bgalek/safe-svg/actions/workflows/build.yml)

![Codecov](https://img.shields.io/codecov/c/github/bgalek/safe-svg.svg?style=flat-square)

![GitHub Release Date](https://img.shields.io/github/release-date/bgalek/safe-svg.svg?style=flat-square)

![Maven Central](https://img.shields.io/maven-central/v/com.github.bgalek.security.svg/safe-svg?style=flat-square)

![Libraries.io dependency status for GitHub repo](https://img.shields.io/librariesio/github/bgalek/safe-svg.svg?style=flat-square)

![Scrutinizer code quality](https://img.shields.io/scrutinizer/g/bgalek/safe-svg.svg?style=flat-square)

[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=bgalek_safe-svg&metric=alert_status)](https://sonarcloud.io/dashboard?id=bgalek_safe-svg?style=flat-square)

It will help you in detecting malicious content inside uploaded SVGs.

## Are you aware that SVG can cause XSS?

Read [https://sekurak.pl/pozwalasz-ladowac-pliki-svg-masz-xss-a/](https://sekurak.pl/pozwalasz-ladowac-pliki-svg-masz-xss-a/) for more details.

## Example

Try to upload this SVG into your application, if it passes through and user can browse this file - probably You are vulnerable to XSS attack.

```xml

alert('Hello, world!');

```

## Usage

Add library dependency:

```groovy

compile "com.github.bgalek.security.svg:safe-svg:1.1.4"

```

You can use this library to check uploaded svg files

```java

SvgSecurityValidator svgSecurityValidator = SvgSecurityValidator.builder().build();

String svg = "\n" +

                "\n" +

                "\n" +

                "\n" +

                "\n" +

                "alert('Hello, world!');\n" +

                "\n" +

                "";

        ValidationResult validation = svgSecurityValidator.validate(svg);

        if (validation.hasViolations()) {

            throw new RuntimeException("this file is suspicious" + validation.getOffendingElements());

        }

```

If you want to allow other (possibly non-safe) elements/attributes use

```java

ValidationResult detect = SvgSecurityValidator.builder()

    .withAdditionalElements(elements)

    .withAdditionalAttributes(attributes)

    .build()

    .validate(testFile);

```