sysutils/svgo
1
0
Fork 0
mirror of https://github.com/svg/svgo.git synced 2025-07-31 07:44:22 +03:00
Code Activity

docs: add migration guide for svgo v4 (#2119)

Browse Source
This commit is contained in:
Seth Falco
2025-05-05 17:27:55 +01:00
committed by GitHub
parent 747cc722d9
commit 75dc22b4fb
6 changed files with 142 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
docs/04-plugins/removeScripts.mdx Normal file
View File

@ -0,0 +1,27 @@
---
title: removeScripts
svgo:
pluginId: removeScripts
---
Removes all scripts from the document.
SVGs can be interactive through JavaScript. However, unless the SVG is coming from a trusted source, it's strongly advised to strip off JavaScript to avoid [XSS](https://developer.mozilla.org/docs/Glossary/Cross-site_scripting) attacks.
:::caution
This **will** break interactive SVGs that rely on JavaScript.
:::
This plugin performs the following operations:
- Removes [`<script>`](https://developer.mozilla.org/docs/Web/SVG/Element/script) elements.
- Removes [SVG event attributes](https://developer.mozilla.org/docs/Web/SVG/Attribute/Events), such as `onload`, `onclick`, and `oninput`, preserving the element itself.
- Collapses [`<a>`](https://developer.mozilla.org/docs/Web/SVG/Element/a) elements, moving children up to the parent element.
:::info
Between v3 and v4, the plugin was renamed from `removeScriptElement` to `removeScripts` to reflect that it does more than just remove the `<script>` tag.
:::