From 5badcf1478be2cd5121ae4293654331ff5dd3bf0 Mon Sep 17 00:00:00 2001
From: ZaneHannanAU <ZaneHannanAU@users.noreply.github.com>
Date: Thu, 4 Oct 2018 20:50:38 +1000
Subject: [PATCH 1/6] svg: use higher specifity regexp for checks

Based on http://dassur.ma/things/regexp-quote/#bonus-html-tags

Essentially for if `<svg onclick='alert(">")'>`. A gigantic increase in complexity though...
---
 lib/types/svg.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/types/svg.js b/lib/types/svg.js
index 73c8d270..b561d1d3 100644
--- a/lib/types/svg.js
+++ b/lib/types/svg.js
@@ -1,12 +1,12 @@
 'use strict';
 
-var svgReg = /<svg[^>]+[^>]*>/;
+var svgReg = /<svg\s([^>"']|"([^"\\]|\\[^])*"|'([^'\\]|\\[^])*')*>/;
 function isSVG (buffer) {
   return svgReg.test(buffer);
 }
 
 var extractorRegExps = {
-  'root': /<svg\s[^>]+>/,
+  'root': svgReg,
   'width': /\bwidth=(['"])([^%]+?)\1/,
   'height': /\bheight=(['"])([^%]+?)\1/,
   'viewbox': /\bviewBox=(['"])(.+?)\1/

From 844d39cb1e041f92d10851353575bde22a931743 Mon Sep 17 00:00:00 2001
From: ZaneHannanAU <ZaneHannanAU@users.noreply.github.com>
Date: Thu, 4 Oct 2018 21:18:14 +1000
Subject: [PATCH 2/6] Create viewbox-width-height-brackets.svg

Used for possible HTML stuff.
---
 specs/images/valid/svg/viewbox-width-height-brackets.svg | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 specs/images/valid/svg/viewbox-width-height-brackets.svg

diff --git a/specs/images/valid/svg/viewbox-width-height-brackets.svg b/specs/images/valid/svg/viewbox-width-height-brackets.svg
new file mode 100644
index 00000000..ddfcd9f6
--- /dev/null
+++ b/specs/images/valid/svg/viewbox-width-height-brackets.svg
@@ -0,0 +1,7 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 246 912"
+  width="123px"
+  onclick='alert("<(*-*)> <(^-*)^ ^(*-^)> <(^-^)> ^(^_^)>")'
+  height="456px">
+  <rect x="0" y="0" width="200" height="400" fill="yellow" stroke="blue" stroke-width="2" />
+  <rect x="20" y="20" width="100" height="100" fill="red" stroke="green" stroke-width="12" />
+</svg>

From d1a92b395b878bc73feaec9d3bb25ea1c5d07baa Mon Sep 17 00:00:00 2001
From: ZaneHannanAU <ZaneHannanAU@users.noreply.github.com>
Date: Thu, 4 Oct 2018 22:35:04 +1000
Subject: [PATCH 3/6] Create no-quotes.svg

should fail; but can (possibly) pass.
---
 specs/images/invalid/no-quotes.svg | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 specs/images/invalid/no-quotes.svg

diff --git a/specs/images/invalid/no-quotes.svg b/specs/images/invalid/no-quotes.svg
new file mode 100644
index 00000000..57b3e409
--- /dev/null
+++ b/specs/images/invalid/no-quotes.svg
@@ -0,0 +1 @@
+<svg width=100 height=100 xmlns=http://www.w3.org/2000/svg />

From 74893e09b8b13a1ad48df5e82fb1f2168fc4a2ca Mon Sep 17 00:00:00 2001
From: ZaneHannanAU <ZaneHannanAU@users.noreply.github.com>
Date: Thu, 4 Oct 2018 22:36:34 +1000
Subject: [PATCH 4/6] Create broken-quotes.svg

Unescaped quotes within image.
---
 specs/images/invalid/broken-quotes.svg | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 specs/images/invalid/broken-quotes.svg

diff --git a/specs/images/invalid/broken-quotes.svg b/specs/images/invalid/broken-quotes.svg
new file mode 100644
index 00000000..0c19065c
--- /dev/null
+++ b/specs/images/invalid/broken-quotes.svg
@@ -0,0 +1,7 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 246 912"
+  width="123px"
+  onclick='alert("<(*-*)> <(^-*)' ^(*-^)> <(^-^)> ^(^_^)>")'
+  height="456px">
+  <rect x="0" y="0" width="200" height="400" fill="yellow" stroke="blue" stroke-width="2" />
+  <rect x="20" y="20" width="100" height="100" fill="red" stroke="green" stroke-width="12" />
+</svg>

From 378d67a715134535a991a964f83b451af3ffe5dc Mon Sep 17 00:00:00 2001
From: ZaneHannanAU <ZaneHannanAU@users.noreply.github.com>
Date: Thu, 4 Oct 2018 22:50:28 +1000
Subject: [PATCH 5/6] break broken quotes

---
 specs/images/invalid/broken-quotes.svg | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/specs/images/invalid/broken-quotes.svg b/specs/images/invalid/broken-quotes.svg
index 0c19065c..9d22b52f 100644
--- a/specs/images/invalid/broken-quotes.svg
+++ b/specs/images/invalid/broken-quotes.svg
@@ -1,7 +1,6 @@
-<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 246 912"
-  width="123px"
+<svg xmlns="http://www.w3.org/2000/svg"
   onclick='alert("<(*-*)> <(^-*)' ^(*-^)> <(^-^)> ^(^_^)>")'
-  height="456px">
+  height="456px" viewBox="0 0 246 912" width="123px">
   <rect x="0" y="0" width="200" height="400" fill="yellow" stroke="blue" stroke-width="2" />
   <rect x="20" y="20" width="100" height="100" fill="red" stroke="green" stroke-width="12" />
 </svg>

From 9b40caa7092a99e95654c72d5366cbe4c4ac610e Mon Sep 17 00:00:00 2001
From: ZaneHannanAU <ZaneHannanAU@users.noreply.github.com>
Date: Fri, 5 Oct 2018 11:51:43 +1000
Subject: [PATCH 6/6] Comply with DOM parser spec

---
 lib/types/svg.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/types/svg.js b/lib/types/svg.js
index b561d1d3..1b821f21 100644
--- a/lib/types/svg.js
+++ b/lib/types/svg.js
@@ -1,6 +1,6 @@
 'use strict';
 
-var svgReg = /<svg\s([^>"']|"([^"\\]|\\[^])*"|'([^'\\]|\\[^])*')*>/;
+var svgReg = /<svg\s([^>"']|"[^"]*"|'[^']*')*>/;
 function isSVG (buffer) {
   return svgReg.test(buffer);
 }