svg-out / Security check

The security check consists of the following parts:

  1. The root node of the file has to be <svg> (checked on the server only).
  2. Check the SVG for suspicious elements (see below).

The SVG is checked against the following regular expressions for suspicious content:

"<script", "javascript:", "&#[0-9]+", "&#x[0-9abcdef]+",
"onfocusin", "onfocusout", "onactivate", "onclick", "onmousedown", "onmouseup", "onmouseover",
"onmousemove", "onmouseout", "onload", "onunload", "onabort", "onerror", "onresize", "onscroll",
"onzoom", "onbegin", "onend", "onrepeat", "onkey", "ondblclick", "\\bon[a-z]*="

This check is performed after:

  • converting the SVG to lower case
  • removing characters which might compromise the check

All characters matching the expression below are removed prior to the check. The ^ symbol at the start of the character class is a negation, so the expression means: remove all characters which are not a-z, 0-9, ., etc.

{"[^a-z0-9.,;:=<>+\\-\\/#\\*\\(\\)&]"}

Remark: these alterations are of course only done for checking purposes and do not change the SVG.

‼ In case you are aware of a threat which is not covered by the list above please let me know.
