SVG icon sanitizer script?

Help & Support
1

Hello,

With SVG icons becoming more popular and the recent addition of SVG icon support in Directory Opus, I’m interested in creating a button command that can run an SVG sanitizer script. The idea would be to scan or verify selected SVG icon files for potentially malicious code before using them in DO, just to stay on the safe side.

I’m looking for guidance from fellow DO users who are comfortable reading and understanding code on what such a sanitizer would need to do and how it could be implemented effectively.

 
Would something like this be sufficient?: Githhub: DOMPurify
...and if so, how could that be turned into button?

 
As a related idea, maybe having a built-in sanitizer that automatically checks SVGs when pasting or importing icons could also be useful, if that would make sense? :slightly_smiling_face:

2

This is a good idea. I'm not on the latest version so I don't have this problem yet but I'd recommend running a yara scanner on the files as a first pass. I have some example buttons for using yara scanners like Thor-lite or Loki which you should be able to find in the buttons section of this forum.