// List of disallowed SVG elements
// Adjusted from https://github.com/cure53/DOMPurify/blob/f6fcdb9f1c13b3559697db0038744a0a327d46ab/src/tags.js#L201
const svgDisallowed = [
	'a',
	'animate',
	'color-profile',
	'cursor',
	'discard',
	'fedropshadow',
	'font-face',
	'font-face-format',
	'font-face-name',
	'font-face-src',
	'font-face-uri',
	'foreignobject',
	'hatch',
	'hatchpath',
	'mesh',
	'meshgradient',
	'meshpatch',
	'meshrow',
	'missing-glyph',
	'script',
	'set',
	'solidcolor',
	'unknown',
	'use'
]

export const sanitizeSVG = (svg: string = '') => {

	if(!svg.trim()) {
		return ''
	}

	const playground = window.document.createElement('template')

	playground.innerHTML = svg

	const svgEl = playground.content.firstElementChild!

	if(svgEl?.tagName?.toUpperCase() !== 'SVG') {
		return ''
	}

	const attributes = Array.from(svgEl.attributes).map(({name}) => name)

	const hasScriptAttr = !!attributes.find((attr) => attr.startsWith('on'))

	const disallowedSvgElements = svgEl.querySelectorAll(svgDisallowed.join(','))

	return disallowedSvgElements.length === 0 && !hasScriptAttr ? svgEl.outerHTML : ''
}