darylldoyle / svg-sanitizer

A PHP SVG/XML Sanitizer
GNU General Public License v2.0

Adding standalone scanner #25

Closed gudmdharalds closed 5 years ago

gudmdharalds commented 5 years ago

This Pull-Request introduces a standalone scanner for the library. It can scan multiple files, specified on the command-line, and output a JSON string just before exiting with the results.

For instance:

$ php svg-scanner.php ~/svgs/myfile.svg 
{
    "totals": {
        "errors": 3
    },
    "files": {
        "\/home\/user\/svgs\/myfile.svg": {
            "errors": 3,
            "messages": [
                {
                    "message": "Suspicious tag 'blabla'",
                    "line": 16
                },
                {
                    "message": "Suspicious tag 'script'",
                    "line": 15
                },
                {
                    "message": "Suspicious attribute 'version'",
                    "line": 2
                }
            ]
        }
    }
}

I realise that this code might go outside the scope of the original purpose of the library, and if it is deemed not to fit, that is just fine. I created this for internal purposes and thought it might be good to share it. :-)

Some of the changes here are duplicates from #24, as this PR depends on that code.
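Added example, not part of the pull request or the library: a consumer for the JSON report shown above that fails closed when the report is malformed or its counts disagree. The names `parse_report`, `rejected_files` and `ReportError` are hypothetical, and the rule that each `errors` value equals the number of `messages` (and `totals.errors` their sum) is an assumption inferred from the sample output.

```python
import json
import re

# Message shapes taken from the sample output above; anything else is kept as "other".
FINDING_RE = re.compile(r"^Suspicious (tag|attribute) '([^']*)'$")

# Constructed sample, copied from the report shown in the PR description.
SAMPLE_REPORT = r'''{"totals": {"errors": 3}, "files": {"\/home\/user\/svgs\/myfile.svg": {
  "errors": 3, "messages": [
    {"message": "Suspicious tag 'blabla'", "line": 16},
    {"message": "Suspicious tag 'script'", "line": 15},
    {"message": "Suspicious attribute 'version'", "line": 2}]}}}'''

class ReportError(ValueError):
    """Report is malformed or inconsistent; callers should reject the batch."""

def parse_report(text):
    """Return {path: [(line, kind, name), ...]} sorted by line, or raise ReportError."""
    try:
        report = json.loads(text)
        files = report["files"]
        total = report["totals"]["errors"]
        findings = {}
        for path, entry in files.items():
            rows = []
            for msg in entry["messages"]:
                m = FINDING_RE.match(msg["message"])
                kind, name = m.groups() if m else ("other", msg["message"])
                rows.append((int(msg["line"]), kind, name))
            # Assumption: the per-file counter matches the number of messages.
            if len(rows) != entry["errors"]:
                raise ReportError(f"{path}: errors != len(messages)")
            findings[path] = sorted(rows)
    except (KeyError, TypeError, ValueError, AttributeError) as exc:
        raise ReportError(f"unusable scanner report: {exc}") from exc
    # Assumption: totals.errors is the sum of the per-file counters.
    if sum(len(rows) for rows in findings.values()) != total:
        raise ReportError("totals.errors does not match per-file counts")
    return findings

def rejected_files(text):
    """Paths with at least one finding; an unusable report raises (fail closed)."""
    return sorted(path for path, rows in parse_report(text).items() if rows)

if __name__ == "__main__":
    for path, rows in parse_report(SAMPLE_REPORT).items():
        for line, kind, name in rows:
            print(f"{path}:{line}: {kind} {name}")
```

An upload or CI gate would treat `ReportError` the same as a finding, so a truncated or tampered report never lets a file through.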

darylldoyle commented 5 years ago

Thank you so much @gudmdharalds,

Another great addition that's been merged into the library 🙂