From fa06f0f94f864b5d69d9065c41547320af3eae3c Mon Sep 17 00:00:00 2001
From: Ben Thomson <git@alfreido.com>
Date: Wed, 8 Dec 2021 14:28:30 +0800
Subject: [PATCH 1/2] Add SVG sanitization and extraction

---
 composer.json                                 |  3 +-
 src/Foundation/Bootstrap/RegisterWinter.php   |  3 +
 src/Support/Facades/Svg.php                   | 21 +++++++
 src/Support/Svg.php                           | 60 +++++++++++++++++++
 tests/Support/SvgTest.php                     | 22 +++++++
 tests/fixtures/svg/extracted/winter-dirty.svg |  1 +
 tests/fixtures/svg/extracted/winter.svg       |  1 +
 tests/fixtures/svg/winter-dirty.svg           | 59 ++++++++++++++++++
 tests/fixtures/svg/winter.svg                 | 56 +++++++++++++++++
 9 files changed, 225 insertions(+), 1 deletion(-)
 create mode 100644 src/Support/Facades/Svg.php
 create mode 100644 src/Support/Svg.php
 create mode 100644 tests/Support/SvgTest.php
 create mode 100644 tests/fixtures/svg/extracted/winter-dirty.svg
 create mode 100644 tests/fixtures/svg/extracted/winter.svg
 create mode 100644 tests/fixtures/svg/winter-dirty.svg
 create mode 100644 tests/fixtures/svg/winter.svg

diff --git a/composer.json b/composer.json
index 9c81953a1..0a254b33f 100644
--- a/composer.json
+++ b/composer.json
@@ -44,7 +44,8 @@
         "league/csv": "~9.1",
         "nesbot/carbon": "^2.0",
         "laravel/framework": "~6.0",
-        "laravel/tinker": "~2.0"
+        "laravel/tinker": "~2.0",
+        "enshrined/svg-sanitize": "^0.14.1"
     },
     "require-dev": {
         "phpunit/phpunit": "^8.5.12|^9.3.3",
diff --git a/src/Foundation/Bootstrap/RegisterWinter.php b/src/Foundation/Bootstrap/RegisterWinter.php
index da6719cc3..c10d16690 100644
--- a/src/Foundation/Bootstrap/RegisterWinter.php
+++ b/src/Foundation/Bootstrap/RegisterWinter.php
@@ -25,6 +25,9 @@ public function bootstrap(Application $app)
         $app->singleton('string', function () {
             return new \Winter\Storm\Support\Str;
         });
+        $app->singleton('svg', function () {
+            return new \Winter\Storm\Support\Svg;
+        });
 
         /*
          * Change paths based on config
diff --git a/src/Support/Facades/Svg.php b/src/Support/Facades/Svg.php
new file mode 100644
index 000000000..c6e97a49e
--- /dev/null
+++ b/src/Support/Facades/Svg.php
@@ -0,0 +1,21 @@
+<?php namespace Winter\Storm\Support\Facades;
+
+use Winter\Storm\Support\Facade;
+
+/**
+ * @method static string extract(string $path, bool $minify = true)
+ *
+ * @see \Winter\Storm\Support\Svg
+ */
+class Svg extends Facade
+{
+    /**
+     * Get the registered name of the component.
+     *
+     * @return string
+     */
+    protected static function getFacadeAccessor()
+    {
+        return 'svg';
+    }
+}
diff --git a/src/Support/Svg.php b/src/Support/Svg.php
new file mode 100644
index 000000000..be9c232ce
--- /dev/null
+++ b/src/Support/Svg.php
@@ -0,0 +1,60 @@
+<?php namespace Winter\Storm\Support;
+
+use Winter\Storm\Exception\ApplicationException;
+use enshrined\svgSanitize\Sanitizer;
+
+/**
+ * A simple wrapper for SVG extraction.
+ *
+ * Under the hood, this uses the "svg-sanitizer" library by Daryll Doyle (https://github.com/darylldoyle/svg-sanitizer)
+ * to sanitize and/or extract the SVG for usage within Winter.
+ *
+ * @author Winter CMS
+ */
+class Svg
+{
+    /**
+     * Extracts and sanitizes SVG code from a given file.
+     *
+     * @param string $path The path to the SVG file.
+     * @param boolean $minify Whether to minify the extracted SVG code.
+     * @return string
+     * @throws ApplicationException If no file, or a malformed SVG, is found at the given path.
+     */
+    public static function extract($path, $minify = true)
+    {
+        if (!is_file($path)) {
+            throw new ApplicationException(sprintf('No SVG file found at path "%s"', $path));
+        }
+
+        $sanitized = static::sanitize(file_get_contents($path), $minify);
+
+        if (!$sanitized) {
+            throw new ApplicationException(sprintf('Malformed SVG encountered at path "%s"', $path));
+        }
+
+        return $sanitized;
+    }
+
+    /**
+     * Sanitizes SVG code.
+     *
+     * See https://github.com/darylldoyle/svg-sanitizer for usage of the underlying sanitization library.
+     *
+     * @param string $svg SVG code.
+     * @param boolean $minify Whether to minify the given SVG code.
+     * @return string
+     */
+    protected static function sanitize($svg, $minify = true)
+    {
+        $sanitizer = new Sanitizer();
+        $sanitizer->removeRemoteReferences(true);
+        $sanitizer->removeXMLTag(true);
+
+        if ($minify) {
+            $sanitizer->minify(true);
+        }
+
+        return trim($sanitizer->sanitize($svg));
+    }
+}
diff --git a/tests/Support/SvgTest.php b/tests/Support/SvgTest.php
new file mode 100644
index 000000000..7bc723271
--- /dev/null
+++ b/tests/Support/SvgTest.php
@@ -0,0 +1,22 @@
+<?php
+
+use Winter\Storm\Support\Svg;
+
+class SvgTest extends TestCase
+{
+    public function testCleanSvg()
+    {
+        $svg = Svg::extract(dirname(__DIR__) . '/fixtures/svg/winter.svg');
+        $fixture = trim(file_get_contents(dirname(__DIR__) . '/fixtures/svg/extracted/winter.svg'));
+
+        $this->assertEquals($fixture, $svg);
+    }
+
+    public function testDirtySvg()
+    {
+        $svg = Svg::extract(dirname(__DIR__) . '/fixtures/svg/winter-dirty.svg');
+        $fixture = trim(file_get_contents(dirname(__DIR__) . '/fixtures/svg/extracted/winter-dirty.svg'));
+
+        $this->assertEquals($fixture, $svg);
+    }
+}
diff --git a/tests/fixtures/svg/extracted/winter-dirty.svg b/tests/fixtures/svg/extracted/winter-dirty.svg
new file mode 100644
index 000000000..31a09caba
--- /dev/null
+++ b/tests/fixtures/svg/extracted/winter-dirty.svg
@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:serif="http://www.serif.com/" width="100%" height="100%" viewBox="0 0 1988 2212" version="1.1" xml:space="preserve" style="fill-rule:evenodd;clip-rule:evenodd;stroke-linecap:round;stroke-miterlimit:10;"> <g id="Snowflake"> <g> <path d="M993.872,1105.52l-0,833.334" style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;"></path> <path d="M807.62,1476.42l186.252,-186.252l186.252,186.252" style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;stroke-linecap:square;"></path> <path d="M752.928,1781.55l240.944,-240.944l240.944,240.944" style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;"></path> </g> <g> <path d="M993.872,1105.52l-721.688,416.667" style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;"></path> <path d="M579.534,1129.67l254.425,68.173l-68.173,254.425" style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;stroke-linecap:square;"></path> <path d="M287.943,1234.87l329.135,88.191l-88.191,329.135" style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;"></path> </g> <g> <path d="M993.872,1105.52l-721.688,-416.666" style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;"></path> <path d="M765.786,758.767l68.173,254.425l-254.425,68.173" style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;stroke-linecap:square;"></path> <path d="M528.887,558.841l88.191,329.135l-329.135,88.191" style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;"></path> </g> <g> <path d="M993.872,1105.52l-0,-833.333" style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;"></path> <path d="M1180.12,734.614l-186.252,186.252l-186.252,-186.252" style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;stroke-linecap:square;"></path> <path d="M1234.82,429.49l-240.944,240.944l-240.944,-240.944" style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;"></path> </g> <g> <path d="M993.872,1105.52l721.688,-416.666" style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;"></path> <path d="M1408.21,1081.37l-254.425,-68.173l68.173,-254.425" style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;stroke-linecap:square;"></path> <path d="M1699.8,976.167l-329.135,-88.191l88.191,-329.135" style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;"></path> </g> <g> <path d="M993.872,1105.52l721.688,416.667" style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;"></path> <path d="M1221.96,1452.27l-68.173,-254.425l254.425,-68.173" style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;stroke-linecap:square;"></path> <path d="M1458.86,1652.19l-88.191,-329.135l329.135,-88.191" style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;"></path> </g> <a>link</a> </g> </svg>
diff --git a/tests/fixtures/svg/extracted/winter.svg b/tests/fixtures/svg/extracted/winter.svg
new file mode 100644
index 000000000..6386f7eb1
--- /dev/null
+++ b/tests/fixtures/svg/extracted/winter.svg
@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:serif="http://www.serif.com/" width="100%" height="100%" viewBox="0 0 1988 2212" version="1.1" xml:space="preserve" style="fill-rule:evenodd;clip-rule:evenodd;stroke-linecap:round;stroke-miterlimit:10;"> <g id="Snowflake"> <g> <path d="M993.872,1105.52l-0,833.334" style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;"></path> <path d="M807.62,1476.42l186.252,-186.252l186.252,186.252" style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;stroke-linecap:square;"></path> <path d="M752.928,1781.55l240.944,-240.944l240.944,240.944" style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;"></path> </g> <g> <path d="M993.872,1105.52l-721.688,416.667" style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;"></path> <path d="M579.534,1129.67l254.425,68.173l-68.173,254.425" style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;stroke-linecap:square;"></path> <path d="M287.943,1234.87l329.135,88.191l-88.191,329.135" style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;"></path> </g> <g> <path d="M993.872,1105.52l-721.688,-416.666" style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;"></path> <path d="M765.786,758.767l68.173,254.425l-254.425,68.173" style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;stroke-linecap:square;"></path> <path d="M528.887,558.841l88.191,329.135l-329.135,88.191" style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;"></path> </g> <g> <path d="M993.872,1105.52l-0,-833.333" style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;"></path> <path d="M1180.12,734.614l-186.252,186.252l-186.252,-186.252" style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;stroke-linecap:square;"></path> <path d="M1234.82,429.49l-240.944,240.944l-240.944,-240.944" style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;"></path> </g> <g> <path d="M993.872,1105.52l721.688,-416.666" style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;"></path> <path d="M1408.21,1081.37l-254.425,-68.173l68.173,-254.425" style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;stroke-linecap:square;"></path> <path d="M1699.8,976.167l-329.135,-88.191l88.191,-329.135" style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;"></path> </g> <g> <path d="M993.872,1105.52l721.688,416.667" style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;"></path> <path d="M1221.96,1452.27l-68.173,-254.425l254.425,-68.173" style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;stroke-linecap:square;"></path> <path d="M1458.86,1652.19l-88.191,-329.135l329.135,-88.191" style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;"></path> </g> </g> </svg>
diff --git a/tests/fixtures/svg/winter-dirty.svg b/tests/fixtures/svg/winter-dirty.svg
new file mode 100644
index 000000000..55656a44c
--- /dev/null
+++ b/tests/fixtures/svg/winter-dirty.svg
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg width="100%"
+    height="100%" viewBox="0 0 1988 2212" version="1.1" xmlns="http://www.w3.org/2000/svg"
+    xmlns:xlink="http://www.w3.org/1999/xlink" xml:space="preserve" xmlns:serif="http://www.serif.com/"
+    style="fill-rule:evenodd;clip-rule:evenodd;stroke-linecap:round;stroke-miterlimit:10;">
+    <g id="Snowflake" onload="alert(1);">
+        <g>
+            <path d="M993.872,1105.52l-0,833.334"
+                style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;" />
+            <path d="M807.62,1476.42l186.252,-186.252l186.252,186.252"
+                style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;stroke-linecap:square;" />
+            <path d="M752.928,1781.55l240.944,-240.944l240.944,240.944"
+                style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;" />
+        </g>
+        <g>
+            <path d="M993.872,1105.52l-721.688,416.667"
+                style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;" />
+            <path d="M579.534,1129.67l254.425,68.173l-68.173,254.425"
+                style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;stroke-linecap:square;" />
+            <path d="M287.943,1234.87l329.135,88.191l-88.191,329.135"
+                style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;" />
+        </g>
+        <g>
+            <path d="M993.872,1105.52l-721.688,-416.666"
+                style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;" />
+            <path d="M765.786,758.767l68.173,254.425l-254.425,68.173"
+                style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;stroke-linecap:square;" />
+            <path d="M528.887,558.841l88.191,329.135l-329.135,88.191"
+                style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;" />
+        </g>
+        <g>
+            <path d="M993.872,1105.52l-0,-833.333"
+                style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;" />
+            <path d="M1180.12,734.614l-186.252,186.252l-186.252,-186.252"
+                style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;stroke-linecap:square;" />
+            <path d="M1234.82,429.49l-240.944,240.944l-240.944,-240.944"
+                style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;" />
+        </g>
+        <g>
+            <path d="M993.872,1105.52l721.688,-416.666"
+                style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;" />
+            <path d="M1408.21,1081.37l-254.425,-68.173l68.173,-254.425"
+                style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;stroke-linecap:square;" />
+            <path d="M1699.8,976.167l-329.135,-88.191l88.191,-329.135"
+                style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;" />
+        </g>
+        <this>shouldn't be here</this>
+        <g>
+            <path d="M993.872,1105.52l721.688,416.667"
+                style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;" />
+            <path d="M1221.96,1452.27l-68.173,-254.425l254.425,-68.173"
+                style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;stroke-linecap:square;" />
+            <path d="M1458.86,1652.19l-88.191,-329.135l329.135,-88.191"
+                style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;" />
+        </g>
+        <a xlink:href="javascript:alert(2)">link</a>
+        <script>alert(3);</script>
+    </g>
+</svg>
diff --git a/tests/fixtures/svg/winter.svg b/tests/fixtures/svg/winter.svg
new file mode 100644
index 000000000..6c7ddced0
--- /dev/null
+++ b/tests/fixtures/svg/winter.svg
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg width="100%"
+    height="100%" viewBox="0 0 1988 2212" version="1.1" xmlns="http://www.w3.org/2000/svg"
+    xmlns:xlink="http://www.w3.org/1999/xlink" xml:space="preserve" xmlns:serif="http://www.serif.com/"
+    style="fill-rule:evenodd;clip-rule:evenodd;stroke-linecap:round;stroke-miterlimit:10;">
+    <g id="Snowflake">
+        <g>
+            <path d="M993.872,1105.52l-0,833.334"
+                style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;" />
+            <path d="M807.62,1476.42l186.252,-186.252l186.252,186.252"
+                style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;stroke-linecap:square;" />
+            <path d="M752.928,1781.55l240.944,-240.944l240.944,240.944"
+                style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;" />
+        </g>
+        <g>
+            <path d="M993.872,1105.52l-721.688,416.667"
+                style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;" />
+            <path d="M579.534,1129.67l254.425,68.173l-68.173,254.425"
+                style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;stroke-linecap:square;" />
+            <path d="M287.943,1234.87l329.135,88.191l-88.191,329.135"
+                style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;" />
+        </g>
+        <g>
+            <path d="M993.872,1105.52l-721.688,-416.666"
+                style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;" />
+            <path d="M765.786,758.767l68.173,254.425l-254.425,68.173"
+                style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;stroke-linecap:square;" />
+            <path d="M528.887,558.841l88.191,329.135l-329.135,88.191"
+                style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;" />
+        </g>
+        <g>
+            <path d="M993.872,1105.52l-0,-833.333"
+                style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;" />
+            <path d="M1180.12,734.614l-186.252,186.252l-186.252,-186.252"
+                style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;stroke-linecap:square;" />
+            <path d="M1234.82,429.49l-240.944,240.944l-240.944,-240.944"
+                style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;" />
+        </g>
+        <g>
+            <path d="M993.872,1105.52l721.688,-416.666"
+                style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;" />
+            <path d="M1408.21,1081.37l-254.425,-68.173l68.173,-254.425"
+                style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;stroke-linecap:square;" />
+            <path d="M1699.8,976.167l-329.135,-88.191l88.191,-329.135"
+                style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;" />
+        </g>
+        <g>
+            <path d="M993.872,1105.52l721.688,416.667"
+                style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;" />
+            <path d="M1221.96,1452.27l-68.173,-254.425l254.425,-68.173"
+                style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;stroke-linecap:square;" />
+            <path d="M1458.86,1652.19l-88.191,-329.135l329.135,-88.191"
+                style="fill:none;fill-rule:nonzero;stroke:#2da7c7;stroke-width:54.17px;" />
+        </g>
+    </g>
+</svg>

From a15bf525671478cf5cb9a5f63bcdb5f6fb181238 Mon Sep 17 00:00:00 2001
From: Ben Thomson <git@alfreido.com>
Date: Thu, 25 Aug 2022 12:50:37 +0800
Subject: [PATCH 2/2] Relax version constraint for SVG Sanitizer

---
 composer.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/composer.json b/composer.json
index 152da871a..6d7597aa2 100644
--- a/composer.json
+++ b/composer.json
@@ -37,7 +37,7 @@
 
         "assetic/framework": "~3.0",
         "doctrine/dbal": "^2.6",
-        "enshrined/svg-sanitize": "^0.14.1",
+        "enshrined/svg-sanitize": "^0.15",
         "erusev/parsedown-extra": "~0.7",
         "laravel/framework": "^9.1",
         "laravel/tinker": "^2.7",