Oliver Hader

Results 33 issues of Oliver Hader

It seems tag `0.15.0` addressed a security vulnerability, see corresponding advisory https://github.com/darylldoyle/svg-sanitizer/security/advisories/GHSA-fqx8-v33p-4qcc (CVE-2022-23638).

Corresponding commit at https://github.com/darylldoyle/svg-sanitizer/commit/17e12ba9c2881caa6b167d0fbea555c11207fbb0 contains a new test case [`tests/data/htmlTest.svg`](https://github.com/darylldoyle/svg-sanitizer/blob/17e12ba9c2881caa6b167d0fbea555c11207fbb0/tests/data/htmlTest.svg).

### Invoked as `svg.svg` in browser, mime-type...

https://github.com/darylldoyle/svg-sanitizer/blob/master/src/svg-scanner.php

* use proper Composer-based autoloading
* make use of the CLI input options of the `symfony/console` package

---

Related: #43

enhancement

Based on the given SVG content, auto-discovery allows resolving the `minifyXML` and `removeXMLTag` settings without explicitly declaring them.

```php
$sanitizer = new Sanitizer();
$sanitizer->setAutoDiscover(true);
$sanitizer->sanitize(' test);
```

* since...

enhancement

* TravisCI configuration for getting tests "green" - there's more to do in terms of resolving inter-package dependencies and their version constraints ("dependency hell")
* fixes issue #111
* fixes...

# Grammar

```
%token foobar5 ns:bar -> destinationNS
```

# Results

* grammar is resolved to
  + namespace `foobar5 ns`
  + token `bar`
  + PCRE `-> destinationNS`
  + target ø...

## Grammar ``` %pragma parser.lookahead 0 %skip space \s %token a a+ %token b b+ %token c c+ #root: ( | | )* ``` ## Source ``` a b c...

## Grammar ``` %pragma parser.lookahead 0 %skip space \s %token int \d+ %token div / -> div %token div:int [1-9]\d* -> __shift__ * 1 %token mul \* -> mul %token...

https://psalm.dev/r/f6c52d7684

`$e = 'exec'; $e(...)` should be handled the same as `exec(...)`, which is a known tainted sink.

enhancement
taint analysis

PoC: https://psalm.dev/r/49e01bb19a

```php
// tainted HTML is correct here
$a = new Other($_GET['inject']);
echo $a->value;
// ... but it's a false-positive here
$b = new Other('static');
echo $b->value;
```

*...