Status: Closed (dkotter closed 4 months ago)
From PHP docs (https://www.php.net/manual/en/libxml.constants.php):
Sets XML_PARSE_HUGE flag, which relaxes any hardcoded limit from the parser. This affects limits like maximum depth of a document or the entity recursion, as well as limits of the size of text nodes.
The only thing that should be checked manually, then, concerns recursions.
@dkotter or @ohader any chance you can review the approach in #98, please?
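One way to pair LIBXML_PARSEHUGE with the manual recursion check mentioned above, as an added example that is not code from this thread or from svg-sanitizer. The helper name `loadLargeSvg()`, both limits, and the refuse-any-DTD policy are assumptions.

```php
<?php
// Added example; loadLargeSvg() and both limits are hypothetical, not svg-sanitizer code.
const MAX_BYTES = 50 * 1024 * 1024; // assumed ceiling on accepted input size
const MAX_DEPTH = 256;              // assumed element nesting limit

function loadLargeSvg(string $svg): DOMDocument
{
    if (strlen($svg) > MAX_BYTES) {
        throw new RuntimeException('SVG larger than the configured ceiling');
    }
    // Policy assumption: refuse any DTD. Without one no entity can be declared,
    // so there is nothing for the parser to expand recursively.
    if (strpos($svg, '<!DOCTYPE') !== false || strpos($svg, '<!ENTITY') !== false) {
        throw new RuntimeException('DTD / entity declarations are not accepted');
    }

    $flags = LIBXML_PARSEHUGE | LIBXML_NONET; // no LIBXML_NOENT, no LIBXML_DTDLOAD
    $previous = libxml_use_internal_errors(true);
    try {
        // Pass 1: stream the input and enforce the depth limit ourselves,
        // because LIBXML_PARSEHUGE relaxes the parser's hardcoded limits.
        $reader = new XMLReader();
        if (!$reader->XML($svg, null, $flags)) {
            throw new RuntimeException('Could not open SVG for reading');
        }
        while ($reader->read()) {
            // Catches a DTD the byte check missed (e.g. UTF-16 encoded input).
            if ($reader->nodeType === XMLReader::DOC_TYPE) {
                throw new RuntimeException('DTD found in document');
            }
            if ($reader->depth > MAX_DEPTH) {
                throw new RuntimeException('Nesting deeper than MAX_DEPTH');
            }
        }
        $reader->close();

        // Pass 2: build the DOM only after the streaming check has passed.
        $dom = new DOMDocument();
        if (!$dom->loadXML($svg, $flags)) {
            throw new RuntimeException('DOMDocument::loadXML failed');
        }
        return $dom;
    } finally {
        libxml_clear_errors();
        libxml_use_internal_errors($previous);
    }
}
```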
Recently had a report of an SVG not being uploaded correctly within the Safe SVG WordPress plugin (which uses this library). In investigating, found out that DOMDocument::loadXML only supports files that are 10Mb or under. The SVG that was having issues was slightly over that mark.
There is a config option we can pass in to allow larger files (LIBXML_PARSEHUGE) which did fix this reported issue. Not sure if there's any downside to this though.
Would need to change this line: https://github.com/darylldoyle/svg-sanitizer/blob/master/src/Sanitizer.php#L201
to