Merge pull request #1 from zakyyudha/contrib-master

Update isSvg validator

Author: zakyyudha

lib/signature.js

@@ -35,4 +35,8 @@ module.exports = {
 	ZIP_2      : Buffer.from([0x50, 0x4B, 0x07, 0x08]),
 	WEBP       : Buffer.from([0x52, 0x49, 0x46, 0x46]),
 	SVG        : Buffer.from([0x3C, 0x3F, 0x78, 0x6D, 0x6C]),
+
+	HtmlCommentRegex    : /<!--([\s\S]*?)-->/gi,
+	SvgRegex            : /^\s*(?:<\?xml[^>]*>\s*)?(?:<!doctype svg[^>]*>\s*)?<svg[^>]*>[^*]*<\/svg>\s*$/gi,
+	ScriptRegex         : /<\s*script/gi,
 };

lib/validator.js

@@ -2,6 +2,7 @@
 
 const { Buffer } = require('buffer');
 const s = require('./signature');
+const { ScriptRegex, SvgRegex, HtmlCommentRegex } = require("./signature");
 
 /**
  * Check if buffer is one of the predefined file types function
@@ -115,7 +116,15 @@ const isZip = (buffer) => genericMultipleCompareBuffer(buffer, [s.ZIP_0, s.ZIP_1
 
 const isWebp = (buffer) => genericCompareBuffer(buffer, s.WEBP);
 
-const isSvg = (buffer) => genericCompareBuffer(buffer, s.SVG);
+const isSvg = (buffer) => {
+  if (!Buffer.isBuffer(buffer)) {
+    throw new Error('Input should be a buffer');
+  }
+
+  const buffStr = buffer.toString();
+  const withoutComments = buffStr.replace(HtmlCommentRegex, '');
+  return SvgRegex.test(withoutComments) && !ScriptRegex.test(withoutComments);
+}
 
 module.exports = {
   oneOf,