In a further attempt to reduce remote code injection attack vectors, all attributes except for a set of allowed standard attributes are removed from the SVG element before being converted. Deprecated attributes are included by default, however, these can also be removed by disabling the new allowDeprecatedAttributes option.
In a further attempt to reduce remote code injection attack vectors, all attributes except for a set of allowed standard attributes are removed from the SVG element before being converted. Deprecated attributes are included by default, however, these can also be removed by disabling the new
allowDeprecatedAttributesoption.This PR should fix #84.