darylldoyle / svg-sanitizer

A PHP SVG/XML Sanitizer
GNU General Public License v2.0
454 stars, 67 forks

SVG files greater than 10Mb won't be sanitized #96

Closed dkotter closed 4 months ago

dkotter commented 7 months ago

Recently had a report of an SVG not being uploaded correctly within the Safe SVG WordPress plugin (which uses this library). In investigating, found out that DOMDocument::loadXML only supports files that are 10Mb or under. The SVG that was having issues was slightly over that mark.

There is a config option we can pass in to allow larger files (LIBXML_PARSEHUGE) which did fix this reported issue. Not sure if there's any downside to this though.

Would need to change this line: https://github.com/darylldoyle/svg-sanitizer/blob/master/src/Sanitizer.php#L201

to

$loaded = $this->xmlDocument->loadXML($dirty, LIBXML_PARSEHUGE);

ohader commented 7 months ago

From PHP docs (https://www.php.net/manual/en/libxml.constants.php):

Sets XML_PARSE_HUGE flag, which relaxes any hardcoded limit from the parser. This affects limits like maximum depth of a document or the entity recursion, as well as limits of the size of text nodes.

The only thing that should be checked manually then concerns recursions.
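To illustrate the point above, here is an added example (not svg-sanitizer's own code) that loads a large SVG with LIBXML_PARSEHUGE and then re-applies, in PHP, the two checks the flag relaxes: a manual nesting-depth cap and a refusal of DOCTYPEs that declare entities. The function names, the depth cap of 256 and the sample markup are assumptions for illustration.

```php
<?php
// Added example, not part of svg-sanitizer. Loads with LIBXML_PARSEHUGE so
// inputs over libxml's built-in size limit parse, then enforces by hand the
// limits the flag removes. Names and the depth cap are assumptions.

function loadLargeSvg(string $dirty, int $maxDepth = 256): ?DOMDocument
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);

    // PARSEHUGE lifts the hardcoded size limits; NONET stops libxml from
    // fetching remote resources. LIBXML_NOENT is deliberately NOT set, so
    // declared entities are never substituted (no entity-expansion blowups).
    $loaded = $doc->loadXML($dirty, LIBXML_PARSEHUGE | LIBXML_NONET);
    libxml_clear_errors();
    if (!$loaded || $doc->documentElement === null) {
        return null;
    }

    // An SVG has no legitimate reason to carry its own entity declarations;
    // reject any DOCTYPE that defines some.
    if ($doc->doctype !== null && $doc->doctype->entities->length > 0) {
        return null;
    }

    // PARSEHUGE also relaxes the parser's nesting limit, so cap it here.
    if (nestingDepth($doc->documentElement, $maxDepth) > $maxDepth) {
        return null;
    }

    return $doc;
}

// Deepest element nesting below $root ($root itself counts as 1). Walks
// iteratively so a deeply nested input cannot overflow the PHP call stack,
// and stops as soon as the cap is exceeded.
function nestingDepth(DOMElement $root, int $limit): int
{
    $deepest = 0;
    $stack = [[$root, 1]];
    while ($stack) {
        [$node, $depth] = array_pop($stack);
        $deepest = max($deepest, $depth);
        if ($deepest > $limit) {
            return $deepest;
        }
        foreach ($node->childNodes as $child) {
            if ($child instanceof DOMElement) {
                $stack[] = [$child, $depth + 1];
            }
        }
    }
    return $deepest;
}

// Constructed sample input with a modest nesting depth.
$sample = '<svg xmlns="http://www.w3.org/2000/svg"><g><g><rect width="1" height="1"/></g></g></svg>';
var_dump(loadLargeSvg($sample) !== null);
```

PARSEHUGE only removes parser limits; it does not bound memory, so an upload-size cap enforced before loadXML is still worth keeping.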

darylldoyle commented 4 months ago

@dkotter or @ohader any chance you can review the approach in #98, please?