From 17ef711d43e8325525a1ea58313713083ea2694c Mon Sep 17 00:00:00 2001
From: Bartosz Galek
Date: Mon, 16 Sep 2024 09:52:35 +0200
Subject: [PATCH] detecting simple script tag inside the markup
---
 .../github/bgalek/security/svg/SvgSecurityValidator.java | 8 +++-----
 .../com/github/bgalek/security/svg/ValidationResult.java | 2 +-
 2 files changed, 4 insertions(+), 6 deletions(-)
diff --git a/src/main/java/com/github/bgalek/security/svg/SvgSecurityValidator.java b/src/main/java/com/github/bgalek/security/svg/SvgSecurityValidator.java
index 8775b20..264a9e2 100644
--- a/src/main/java/com/github/bgalek/security/svg/SvgSecurityValidator.java
+++ b/src/main/java/com/github/bgalek/security/svg/SvgSecurityValidator.java
@@ -7,11 +7,7 @@ import javax.xml.parsers.DocumentBuilder;
 import java.io.ByteArrayInputStream;
 import java.nio.charset.StandardCharsets;
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Objects;
-import java.util.Set;
+import java.util.*;
 import java.util.regex.Pattern;
 /**
@@ -25,6 +21,7 @@ public class SvgSecurityValidator implements XssDetector {
 private static final Pattern JAVASCRIPT_PROTOCOL_IN_CSS_URL = Pattern.compile("url\\(.?javascript");
+ private static final Pattern SCRIPT_TAG = Pattern.compile("", Pattern.CASE_INSENSITIVE);
 private final String[] svgElements;
 private final String[] svgAttributes;
@@ -81,6 +78,7 @@ private void validateXMLSchema(String input) {
 private Set getOffendingElements(String xml) {
 if (JAVASCRIPT_PROTOCOL_IN_CSS_URL.matcher(xml).find()) return Collections.singleton("style");
+ if (SCRIPT_TAG.matcher(xml).find()) return Collections.singleton("script");
 PolicyFactory policy = new HtmlPolicyBuilder()
 .allowElements(this.svgElements)
 .allowAttributes(this.svgAttributes).globally()
diff --git a/src/main/java/com/github/bgalek/security/svg/ValidationResult.java b/src/main/java/com/github/bgalek/security/svg/ValidationResult.java
index b09e83a..e4e1b94 100644
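Review bot: The first hunk replaces five explicit `java.util` imports with `import java.util.*;`, a wildcard import that hides which types this security-sensitive class actually depends on and can silently resolve to a different class if a same-named type later appears in another imported package. Restore the explicit form for the names still used, at least `import java.util.Collections;` and `import java.util.Set;`, plus whichever of Arrays, HashSet and Objects the rest of the file (outside this hunk) still references.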
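Review bot: In the second hunk the `SCRIPT_TAG` literal reads as the empty string `""`, and an empty pattern's `find()` succeeds on every input, so the new check in the third hunk (`if (SCRIPT_TAG.matcher(xml).find()) return Collections.singleton("script");`) would report a "script" violation for every SVG before the OWASP policy is ever consulted; this is most likely the tag text having been stripped when the patch was rendered, so please confirm the literal in the committed source and add a test asserting that a benign SVG with no script element still yields no violations. Independently of the literal, this pre-check is a case-insensitive substring scan over the raw text that runs before any parsing, so it is a fast-path heuristic rather than a structural guarantee; the `HtmlPolicyBuilder` pass that follows remains the authoritative filter and the comment should say so, e.g. `// Cheap textual pre-check; the parsed policy below is the authoritative element/attribute filter.` Note also that the early return short-circuits the policy pass, so an input flagged here reports only "script" and not any other offending elements it may contain, which is fine if documented but worth stating in the `getOffendingElements` Javadoc. getOffendingElements continues past the end of the hunk.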
--- a/src/main/java/com/github/bgalek/security/svg/ValidationResult.java
+++ b/src/main/java/com/github/bgalek/security/svg/ValidationResult.java
@@ -12,7 +12,7 @@ public interface ValidationResult {
 boolean hasViolations();
 /**
- * @return list of invalid elements or attributes found in SVG content
+ * @return set of invalid elements or attributes found in SVG content
 */
 Set getOffendingElements();
 }