From 216b510900bf6152b6e3e107a4633a1cbd6030d2 Mon Sep 17 00:00:00 2001
From: Alejandro Alonso
Date: Tue, 17 May 2022 12:56:06 +0200
Subject: [PATCH] :bug: Fix security concern
---
 frontend/src/app/main/ui/shapes/svg_raw.cljs | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/frontend/src/app/main/ui/shapes/svg_raw.cljs b/frontend/src/app/main/ui/shapes/svg_raw.cljs
index ca950985e0..690ee60220 100644
--- a/frontend/src/app/main/ui/shapes/svg_raw.cljs
+++ b/frontend/src/app/main/ui/shapes/svg_raw.cljs
@@ -94,9 +94,10 @@
 {:keys [content]} shape
 {:keys [tag]} content
- svg-root? (and (map? content) (= tag :svg))
- svg-tag? (map? content)
- svg-leaf? (string? content)]
+ svg-root? (and (map? content) (= tag :svg))
+ svg-tag? (map? content)
+ svg-leaf? (string? content)
+ valid-tag? (contains? usvg/svg-tags-list tag)]
 (cond
 svg-root?
@@ -104,12 +105,12 @@
 (for [item childs]
 [:& shape-wrapper {:shape item :key (dm/str (:id item))}])]
- svg-tag?
+ (and svg-tag? valid-tag?)
 [:& svg-element {:shape shape}
 (for [item childs]
 [:& shape-wrapper {:shape item :key (dm/str (:id item))}])]
- svg-leaf?
+ (and svg-leaf? valid-tag?)
 content
 :else nil))))
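Review bot: The new `valid-tag?` binding relies on `contains?`, which tests set membership or map keys but checks indices on a vector. `usvg/svg-tags-list` is defined outside this diff and its name suggests a sequence, so confirm it is a set; otherwise keyword tags would never match and every element would be dropped. This binding is the security boundary of the fix and has no explanation, so a comment such as `;; allow-list: render only tags present in usvg/svg-tags-list; unknown tags from imported SVG content are dropped` would help the next reader. The enclosing `let` and component start and end outside the hunk.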
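Review bot: The `(and svg-leaf? valid-tag?)` branch looks unreachable. `tag` is destructured from `content`, and when `content` is a string that lookup yields nil, so `valid-tag?` is false (unless the allow-list contains nil) and every text leaf falls through to `:else nil`. This fails closed, but it silently drops the text content of elements that are themselves allowed. If leaves are only reached through their parent's branch, the leaf test can stay `svg-leaf?` and rely on the parent's `(and svg-tag? valid-tag?)` check, since a leaf has no tag of its own. The check also covers tag names only; whether `svg-element` filters attributes on allowed tags (event handlers, link targets) is not visible in this hunk and should be confirmed.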