@simon It depends on what you are doing with the svg....

It depends on what you are doing with the svg. If all you need to do is display it, then an img tag is your friend as the browsers have done all the work isolating it. If you need something a bit special like external css or javascript (rather than smil animations) then you do have to embed it.

Removing potentially harmful things is fairly easy though. Kill any script tags and js attributes, any style tag headers, nuke xlinks that don't start with a # (object id).

Good luck.

Like 25 October at 22:48 | Wall-to-wall | Open on floss.social