search

imgproxy / imgproxy

Fast and secure standalone server for resizing and converting remote images
https://imgproxy.net
MIT License
8.85k stars 629 forks source link

Produces invalid SVG when namespaced attributes appear before namespace declaration #1288

Closed diegoatpitch closed 1 month ago

diegoatpitch commented 4 months ago

Just got a browser complaining about parsing the SVG output of Imgproxy. Debugging the file it seems to be an issue with the ordering of attributes on the svg element. I could produce a minimal example.

Input:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<svg
  version="1.1"
  viewBox="0 0 200 200"
  x="0px"
  y="0px"
  width="200"
  height="200"
  sodipodi:docname="my.svg"
  inkscape:version="1.2.2 (732a01da63, 2022-12-09)"
  inkscape:export-filename="..\Desktop\my.svg"
  xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
  xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
  xmlns="http://www.w3.org/2000/svg"
  xmlns:svg="http://www.w3.org/2000/svg"
>
  <svg:rect width="100%" height="100%" fill="green" />
</svg>

Output:

<svg
  viewBox="0 0 200 200"
  width="200"
  height="200"
  sodipodi:docname="my.svg"
  inkscape:version="1.2.2 (732a01da63, 2022-12-09)"
  inkscape:export-filename="..\Desktop\my.svg"
  xmlns="http://www.w3.org/2000/svg"
  xmlns:svg="http://www.w3.org/2000/svg"
>
  <svg:rect width="100%" height="100%" fill="green"/>
</svg>

sodipodi and inkscape namespaces got removed but not the attributes.

Now, if the input SVG is the same but with namespaced attributes after the namespace declarations, it works.

Input:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<svg
  version="1.1"
  viewBox="0 0 200 200"
  x="0px"
  y="0px"
  width="200"
  height="200"
  xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
  xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
  xmlns="http://www.w3.org/2000/svg" xmlns:svg="http://www.w3.org/2000/svg"
  sodipodi:docname="my.svg"
  inkscape:version="1.2.2 (732a01da63, 2022-12-09)"
  inkscape:export-filename="..\Desktop\my.svg"
>
  <svg:rect width="100%" height="100%" fill="green" />
</svg>

Output:

<svg
  viewBox="0 0 200 200"
  width="200"
  height="200"
  xmlns="http://www.w3.org/2000/svg"
  xmlns:svg="http://www.w3.org/2000/svg"
>
  <svg:rect width="100%" height="100%" fill="green"/>
</svg>
DarthSim commented 4 months ago

Hey @diegoatpitch!

Thanks for another sample! Fixed in the latest build.

diegoatpitch commented 1 month ago

Haven't seen the issue again. Thanks @DarthSim