diff --git a/package-lock.json b/package-lock.json
index 78f854f..a566005 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -8,7 +8,7 @@
"license": "MIT",
"dependencies": {
"chalk": "^4.1.2",
- "cheerio": "^1.0.0-rc.10",
+ "cheerio": "^1.0.0-rc.11",
"commander": "^9.2.0",
"file-url": "^3.0.0",
"get-stdin": "^8.0.0",
diff --git a/packages/convert-svg-core/package.json b/packages/convert-svg-core/package.json
index 02ef43b..a5fa8e9 100644
--- a/packages/convert-svg-core/package.json
+++ b/packages/convert-svg-core/package.json
@@ -36,7 +36,7 @@
},
"dependencies": {
"chalk": "^4.1.2",
- "cheerio": "^1.0.0-rc.10",
+ "cheerio": "^1.0.0-rc.11",
"commander": "^9.2.0",
"file-url": "^3.0.0",
"get-stdin": "^8.0.0",
diff --git a/packages/convert-svg-core/src/Converter.js b/packages/convert-svg-core/src/Converter.js
index 9d43043..12653ba 100644
--- a/packages/convert-svg-core/src/Converter.js
+++ b/packages/convert-svg-core/src/Converter.js
@@ -47,6 +47,7 @@ const _parseOptions = Symbol('parseOptions');
const _provider = Symbol('provider');
const _roundDimension = Symbol('roundDimension');
const _roundDimensions = Symbol('roundDimensions');
+const _sanitize = Symbol('sanitize');
const _setDimensions = Symbol('setDimensions');
const _tempFile = Symbol('tempFile');
const _validate = Symbol('validate');
@@ -114,9 +115,7 @@ class Converter {
options = this[_parseOptions](options);
- const output = await this[_convert](input, options);
-
- return output;
+ return await this[_convert](input, options);
}
/**
@@ -191,11 +190,13 @@ class Converter {
input = Buffer.isBuffer(input) ? input.toString('utf8') : input;
const { provider } = this;
- const svg = cheerio.default.html(cheerio.load(input, null, false)('svg'));
+ const svg = cheerio.default.html(this[_sanitize](cheerio.load(input, null, false)('svg')));
+
+ if (!svg) {
+ throw new Error('SVG element not found in input. Check the SVG input');
+ }
- let html = '';
- if (svg) {
- html += `
+ const html = `
@@ -207,9 +208,6 @@ html { background-color: ${provider.getBackgroundColor(options)}; }
${svg}
`;
- } else {
- throw new Error('SVG element not found in input. Check the SVG input');
- }
const page = await this[_getPage](html);
@@ -226,12 +224,10 @@ html { background-color: ${provider.getBackgroundColor(options)}; }
await page.setViewport(dimensions);
- const output = await page.screenshot(Object.assign({
+ return await page.screenshot(Object.assign({
type: provider.getType(),
clip: Object.assign({ x: 0, y: 0 }, dimensions)
}, provider.getScreenshotOptions(options)));
-
- return output;
}
async [_getDimensions](page, options) {
@@ -389,6 +385,10 @@ html { background-color: ${provider.getBackgroundColor(options)}; }
};
}
+ [_sanitize](svg) {
+ return svg.removeAttr('onload');
+ }
+
async [_setDimensions](page, dimensions) {
if (typeof dimensions.width !== 'number' && typeof dimensions.height !== 'number') {
return;
diff --git a/packages/convert-svg-test-helper/src/fixtures/input/issue-81.svg b/packages/convert-svg-test-helper/src/fixtures/input/issue-81.svg
new file mode 100644
index 0000000..2f4ea24
--- /dev/null
+++ b/packages/convert-svg-test-helper/src/fixtures/input/issue-81.svg
@@ -0,0 +1 @@
+
diff --git a/packages/convert-svg-test-helper/src/tests.json b/packages/convert-svg-test-helper/src/tests.json
index 94a1704..ff5bb82 100644
--- a/packages/convert-svg-test-helper/src/tests.json
+++ b/packages/convert-svg-test-helper/src/tests.json
@@ -163,6 +163,11 @@
"file": "cve-2021-23631.svg",
"message": "should only read SVG element"
},
+ {
+ "name": "when SVG has onload attribute",
+ "file": "issue-81.svg",
+ "message": "should strip onload attribute"
+ },
{
"name": "when setting both baseFile and baseUrl options",
"file": "external-file.svg",
diff --git a/packages/convert-svg-to-jpeg/test/fixtures/expected/28.jpeg b/packages/convert-svg-to-jpeg/test/fixtures/expected/28.jpeg
new file mode 100644
index 0000000..cac2f01
Binary files /dev/null and b/packages/convert-svg-to-jpeg/test/fixtures/expected/28.jpeg differ
diff --git a/packages/convert-svg-to-jpeg/test/fixtures/expected/35.jpeg b/packages/convert-svg-to-jpeg/test/fixtures/expected/35.jpeg
deleted file mode 100644
index 82d4cb3..0000000
Binary files a/packages/convert-svg-to-jpeg/test/fixtures/expected/35.jpeg and /dev/null differ
diff --git a/packages/convert-svg-to-jpeg/test/fixtures/expected/36.jpeg b/packages/convert-svg-to-jpeg/test/fixtures/expected/36.jpeg
index 85ba906..82d4cb3 100644
Binary files a/packages/convert-svg-to-jpeg/test/fixtures/expected/36.jpeg and b/packages/convert-svg-to-jpeg/test/fixtures/expected/36.jpeg differ
diff --git a/packages/convert-svg-to-jpeg/test/fixtures/expected/37.jpeg b/packages/convert-svg-to-jpeg/test/fixtures/expected/37.jpeg
index e81d08d..85ba906 100644
Binary files a/packages/convert-svg-to-jpeg/test/fixtures/expected/37.jpeg and b/packages/convert-svg-to-jpeg/test/fixtures/expected/37.jpeg differ
diff --git a/packages/convert-svg-to-jpeg/test/fixtures/expected/38.jpeg b/packages/convert-svg-to-jpeg/test/fixtures/expected/38.jpeg
new file mode 100644
index 0000000..e81d08d
Binary files /dev/null and b/packages/convert-svg-to-jpeg/test/fixtures/expected/38.jpeg differ
diff --git a/packages/convert-svg-to-png/test/fixtures/expected/28.png b/packages/convert-svg-to-png/test/fixtures/expected/28.png
new file mode 100644
index 0000000..29225d7
Binary files /dev/null and b/packages/convert-svg-to-png/test/fixtures/expected/28.png differ