Kd/fix allow svg doctype (#14344)

* make svg regex case-insensitive & use strict word boundary

* allow doctype svg

* add doctype tests

* allow <!DOCTYPE svg> and <svg/>

modules/base/tool.go

@@ -35,8 +35,8 @@ const sniffLen = 512
 // SVGMimeType MIME type of SVG images.
 const SVGMimeType = "image/svg+xml"
 
-var svgTagRegex = regexp.MustCompile(`(?s)\A\s*(?:<!--.*?-->\s*)*<svg\b`)
+var svgTagRegex = regexp.MustCompile(`(?si)\A\s*(?:(<!--.*?-->|<!DOCTYPE\s+svg([\s:]+.*?>|>))\s*)*<svg[\s>\/]`)
-var svgTagInXMLRegex = regexp.MustCompile(`(?s)\A<\?xml\b.*?\?>\s*(?:<!--.*?-->\s*)*<svg\b`)
+var svgTagInXMLRegex = regexp.MustCompile(`(?si)\A<\?xml\b.*?\?>\s*(?:(<!--.*?-->|<!DOCTYPE\s+svg([\s:]+.*?>|>))\s*)*<svg[\s>\/]`)
 
 // EncodeMD5 encodes string to md5 hex value.
 func EncodeMD5(str string) string {

modules/base/tool_test.go

@@ -216,6 +216,9 @@ func TestIsSVGImageFile(t *testing.T) {
 	assert.True(t, IsSVGImageFile([]byte(`<!-- Multiline
 	Comment -->
 	<svg></svg>`)))
+	assert.True(t, IsSVGImageFile([]byte(`<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1 Basic//EN"
+	"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11-basic.dtd">
+	<svg></svg>`)))
 	assert.True(t, IsSVGImageFile([]byte(`<?xml version="1.0" encoding="UTF-8"?>
 	<!-- Comment -->
 	<svg></svg>`)))
@@ -227,6 +230,11 @@ func TestIsSVGImageFile(t *testing.T) {
 	<!-- Multline
 	Comment -->
 	<svg></svg>`)))
+	assert.True(t, IsSVGImageFile([]byte(`<?xml version="1.0" encoding="UTF-8"?>
+	<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+	<!-- Multline
+	Comment -->
+	<svg></svg>`)))
 	assert.False(t, IsSVGImageFile([]byte{}))
 	assert.False(t, IsSVGImageFile([]byte("svg")))
 	assert.False(t, IsSVGImageFile([]byte("<svgfoo></svgfoo>")))