v0.1.0 (2026-05-28)
Initial release. Thin precompiled NIF wrapping Cloudflare's svg-hush
Rust crate (v0.9).
SvgSanitizer.sanitize/1strips<script>, event handlers, foreign objects, external references, and javascript:/data: URL vectors. Embedded raster data URLs (PNG/JPEG/GIF/WebP) are preserved.- Returns
{:ok, binary}or{:error, reason}wherereasonis one of:invalid_input | :input_too_large | :parse_error | :panic | :alloc_failed— all atoms, no internal-state leaks. SeeSvgSanitizer.reason/0. - Runs on a DirtyCpu scheduler.
- Rust panics are caught and surfaced as
{:error, :panic}rather than bringing down the BEAM node. (Stack overflow on the dirty NIF thread is not catchable — svg-hush's iterative parser keeps stack usage bounded.) - Inputs over 5 MB are rejected with
{:error, :input_too_large}at both the Elixir wrapper and the NIF boundary (defense in depth). - Non-binary input returns
{:error, :invalid_input}instead of raising. - Precompiled artifacts published for
aarch64-unknown-linux-gnuandx86_64-unknown-linux-gnu. macOS targets deferred (therustler-precompiled-actionmishandlescrosson Apple Silicon); Mac users build from source withSVG_SANITIZER_BUILD=1. - Requires OTP 26+ (NIF 2.17); earlier NIF versions added on demand.