Documentation

Graphic_Data_SVG_Validator
in package

Enhanced SVG validation for WordPress plugin

Table of Contents

Methods

validate_svg_file()  : array<string|int, mixed>
Validate SVG file with comprehensive security checks
validate_svg_structure()  : array<string|int, mixed>
Validate SVG XML structure with comprehensive error reporting.
has_icons_layer()  : bool
Check if the SVG contains a group element with id="icons".
remove_bom()  : string
Remove UTF-8 Byte Order Mark (BOM) from the beginning of content.
scan_svg_security()  : bool
Scan SVG content for potentially dangerous or malicious elements.

Methods

validate_svg_file()

Validate SVG file with comprehensive security checks

public static validate_svg_file(string $file_path) : array<string|int, mixed>
Parameters
$file_path : string

Path to the file to validate

Return values
array<string|int, mixed>

Validation result with success status and error message

validate_svg_structure()

Validate SVG XML structure with comprehensive error reporting.

public static validate_svg_structure(string $content) : array<string|int, mixed>

Performs multiple validation checks on SVG content:

  • Removes BOM (Byte Order Mark) if present.
  • Verifies presence of opening and closing SVG tags.
  • Parses and validates XML structure.
  • Confirms root element is an SVG element.
  • Checks for typical SVG content indicators.
Parameters
$content : string

The raw SVG file content to validate.

Return values
array<string|int, mixed>

{ Validation result array.

@type bool             $valid Whether the SVG structure is valid.
@type string           $error Error message if validation failed, empty string otherwise.
@type SimpleXMLElement $xml   Parsed XML object (only present when valid is true).

}

has_icons_layer()

Check if the SVG contains a group element with id="icons".

private static has_icons_layer(SimpleXMLElement $xml) : bool

This layer is required for the infographic to function properly, as it contains the interactive icon elements. The method uses multiple detection strategies to handle various SVG structures:

  1. XPath query for with double quotes.
  2. XPath query for with single quotes.
  3. Manual iteration through all elements as a fallback.
Parameters
$xml : SimpleXMLElement

The parsed SVG XML object.

Return values
bool

True if an "icons" layer exists, false otherwise.

remove_bom()

Remove UTF-8 Byte Order Mark (BOM) from the beginning of content.

private static remove_bom(string $content) : string

Some text editors add a BOM (EF BB BF) at the start of UTF-8 files. This invisible character sequence can interfere with XML parsing and SVG validation, so it must be stripped before processing.

Parameters
$content : string

The raw file content that may contain a BOM.

Return values
string

The content with the BOM removed, if present.

scan_svg_security()

Scan SVG content for potentially dangerous or malicious elements.

private static scan_svg_security(string $content) : bool

Checks for common XSS attack vectors and security risks in SVG files:

  • Script tags that could execute JavaScript.
  • javascript: URI schemes in attributes.
  • Event handler attributes (onclick, onload, etc.).
  • Embedded content elements (iframe, object, embed).
  • External resource elements (link, meta).
  • foreignObject elements that can contain arbitrary HTML.
Parameters
$content : string

The raw SVG file content to scan.

Return values
bool

True if the content is safe, false if dangerous patterns are detected.


        

        
    




    

    

                                

                

                                
    

        On this page

        
    


                

                            

            

    

        

            
Search results