How can I sanitize SVGs using this library?

[moraj-turing]

Is your feature request related to a problem? Please describe.
No, but would be nice to have a single sanitizing library/package

Describe the solution you'd like
SVG files, unlike other image formats are based on XML so they can store malicious tags eg:

<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg version="1.1" baseProfile="full" >
   <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
   <script type="text/javascript">
      alert(document.domain);
   </script>
</svg>

<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 500 500">
    <script>//<![CDATA[
        alert(document.domain)
    //]]>
    </script>
</svg>

Describe alternatives you've considered
N/A

[kornelski]

Use svg-hush. It's designed for this: https://lib.rs/svg-hush

[sebadob]

You could do it with for instance

ammonia::Builder::default()
    .add_tags(&["path", "svg"])
    .add_tag_attributes("path", &["d", "stroke-linecap", "stroke-linejoin"])
    .add_tag_attributes(
        "svg",
        &[
            "fill",
            "height",
            "opacity",
            "stroke",
            "stroke-width",
            "viewBox",
            "width",
        ],
    )
    .clean("my whatever input string")
    .to_string()

But I don't recommend doing that, because you need to add everything manually. svg-hush works really good out of the box. It only makes sense if you need to sanitize a bigger HTML input and you want to keep svgs inside it.