Tobias Oberstein
rgd pixel correctness: ah, right, that is a user knob. ideally then, the CI would test at different precision vs size tradeoff levels and the CI would also test using...
see my comment https://github.com/scour-project/scour/issues/29#issuecomment-640100963
Scour was I guess created primarily to minimize and sanitize own authored SVGs, not security-scrutinize foreign SVGs. So when I create an SVG myself, I will be aware of included...
ok, so there are indeed test cases in https://github.com/darylldoyle/svg-sanitizer/tree/master/tests/data for embedded JS:
```
oberstet@intel-nuci7:~/scm/3rdparty/svg-sanitizer/tests/data$ grep "script" *.svg
badXmlTestOne.svg:alert(1);
hrefTestOne.svg: test 1
hrefTestOne.svg: test 2
hrefTestOne.svg: test 7
hrefTestTwo.svg: test 1...
```
> embedding SVGs in an tag is the safest approach, as it will prevent the SVG from loading any JavaScript or external resources

nice! we should probably add this as...
> run automatically on images users upload on a website

ok, yeah, got you. that use case makes sense for scour as well - and then we could have new...
Thanks for the extensive list and useful structuring into separate issues! Awesome. Regarding the concrete list above: this all makes sense, however (given limited resources) I'd probably pick #15 as...
@Ede123 now that the unit tests are migrated, my personal next one on your list would be: bugs. Regarding the others: - Logo: I've looked at it .. mmmh;) Really?...
ok, yeah, we actually fire the listeners collected in `addUserErrorListener`;) there will be multiple locations where we have to add firing the hook .. best is probably to look at...
would you have a PR we can test?