mirror of
https://github.com/svg/svgo.git
synced 2026-01-27 07:02:06 +03:00
34 lines
1006 B
Plaintext
34 lines
1006 B
Plaintext
---
|
|
title: Remove Scripts
|
|
svgo:
|
|
pluginId: removeScriptElement
|
|
---
|
|
|
|
Removes all scripts from the document.
|
|
|
|
SVGs can be interactive through JavaScript. However, unless the SVG is coming from a trusted source, it's strongly advised to strip off JavaScript to avoid [XSS](https://developer.mozilla.org/docs/Glossary/Cross-site_scripting) attacks.
|
|
|
|
:::caution
|
|
|
|
This **will** break interactive SVGs that rely on JavaScript.
|
|
|
|
:::
|
|
|
|
This plugin performs the following operations:
|
|
|
|
- Removes [`<script>`](https://developer.mozilla.org/docs/Web/SVG/Element/script) elements.
|
|
- Removes [SVG event attributes](https://developer.mozilla.org/docs/Web/SVG/Attribute/Events), such as `onload`, `onclick`, and `oninput`, preserving the element itself.
|
|
- Collapses [`<a>`](https://developer.mozilla.org/docs/Web/SVG/Element/a) elements, moving children up to the parent element.
|
|
|
|
## Usage
|
|
|
|
<PluginUsage />
|
|
|
|
## Demo
|
|
|
|
<PluginDemo />
|
|
|
|
## Implementation
|
|
|
|
- https://github.com/svg/svgo/blob/main/plugins/removeScriptElement.js
|