darylldoyle / svg-sanitizer

A PHP SVG/XML Sanitizer
GNU General Public License v2.0

Should SVGZs be handled by the library or the code consuming the library? #8

Closed darylldoyle closed 2 years ago

darylldoyle commented 7 years ago

SVGZs can be handled by running the content through gzdecode() before sanitisation and then running it through gzencode() afterwards.

I'm fairly certain we can use 0 === mb_strpos($contents , "\x1f" . "\x8b" . "\x08") to check if it's a gzipped string or not.

Simple, but should this be handled by the library or not?

rheinardkorf commented 7 years ago

On the one hand, I'm not sure what the demand for the support would be. It does mean that a user of this library will need to know that they need to set up their servers to handle the encoding for SVGZs correctly, otherwise they will claim that your library does not work.

On the other hand, those that do configure their environments correctly and who would like to take advantage of compression would appreciate having a library that can sanitize their SVGZs for them.

If it's an easy add, I'd say why not...

SeinopSys commented 6 years ago

I'd suggest leaving it up to the consumer. Gzip decoding (as I've found) is not as straightforward as running any old string through gzdecode. If you didn't read the data in a specific way, it can become corrupted and gzdecode will fail.

drsassafras commented 6 years ago

Perhaps someone using SVGZ files with svg-sanitizer could upstream their code so the rest could take advantage of it. Particularly if it's not as straightforward as it might seem, some well-tested code could be really useful in this regard.
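
The decode, sanitise, re-encode flow discussed in this thread, written as an added example; it is not code from svg-sanitizer or from any commenter. The function name `sanitizeMaybeGzipped`, the constant `MAX_SVG_BYTES` and its value are assumptions, the magic-byte check uses the byte-wise `strncmp` instead of `mb_strpos`, and the sanitiser is passed in as a callable so the sample runs with a stand-in when the library is not installed.

```php
<?php
// Added example, not part of svg-sanitizer. sanitizeMaybeGzipped() and
// MAX_SVG_BYTES are hypothetical names; the limit is an assumed value.

const MAX_SVG_BYTES = 5 * 1024 * 1024; // assumed cap on decompressed size

/**
 * Sanitise an SVG that may be gzip-compressed (SVGZ).
 * $sanitize is any callable taking dirty SVG markup and returning clean
 * markup or false, e.g. [new \enshrined\svgSanitize\Sanitizer(), 'sanitize'].
 * Returns clean data in the same container as the input, or false on failure.
 */
function sanitizeMaybeGzipped(string $contents, callable $sanitize)
{
    // Gzip magic bytes (1f 8b) plus the deflate method byte (08), compared
    // byte-wise so the mbstring internal encoding cannot affect the result.
    $isGzipped = strncmp($contents, "\x1f\x8b\x08", 3) === 0;

    if ($isGzipped) {
        // Cap the decoded length so a small upload cannot inflate without
        // bound. gzdecode() warns and returns false on a corrupt stream or
        // when the output reaches the cap.
        $contents = @gzdecode($contents, MAX_SVG_BYTES);
        if ($contents === false) {
            return false;
        }
    }

    $clean = $sanitize($contents);
    if ($clean === false || $clean === null || $clean === '') {
        return false; // reject rather than store unsanitised markup
    }

    // Hand back the same container format the caller supplied.
    return $isGzipped ? gzencode($clean) : $clean;
}

// Constructed sample input and a stand-in sanitiser (strips <script> blocks
// only) so the example runs without the library installed.
$standIn = fn(string $svg) => preg_replace('#<script\b.*?</script>#is', '', $svg);
$dirty   = '<svg xmlns="http://www.w3.org/2000/svg"><script>alert(1)</script><rect/></svg>';

// Case 1: valid SVGZ round trip. Case 2: gzip header followed by junk.
// Case 3: valid gzip whose decoded size is over the cap.
var_dump(gzdecode(sanitizeMaybeGzipped(gzencode($dirty), $standIn)));
var_dump(sanitizeMaybeGzipped("\x1f\x8b\x08garbage", $standIn));
var_dump(sanitizeMaybeGzipped(gzencode(str_repeat('A', MAX_SVG_BYTES + 1)), $standIn));
```

When reading an upload from disk, pass the raw bytes (for example from `file_get_contents()`) so the gzip stream reaches `gzdecode()` unmodified.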