Don't inject dynamic values in SVG #16

@Loirooriol

The code shouldn't be vulnerable to SVG injection because the only external data that I insert are colors, and I sanitize them. However, this approach is fragile, scales poorly if I want to insert other values (like font styles in #13), and is bad practice. I should use DOM instead.

Labels: bug (Something isn't working), fixed
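The contrast the issue describes, as an added example that is not the project's code: a color spliced into an SVG string versus the same value set through DOM calls. `swatchByString`, `swatchByDom`, `FakeElement`, `fakeDocument` and the sample values are hypothetical; the stand-in document only exists so the block runs under Node.

```javascript
// Constructed stand-in for the few DOM calls used below so this runs under Node;
// in a browser, pass the real `document` and serialize with XMLSerializer.
const esc = (s) => String(s).replace(/&/g, "&amp;").replace(/</g, "&lt;")
  .replace(/>/g, "&gt;").replace(/"/g, "&quot;");
class FakeElement {
  constructor(name) {
    this.name = name; this.attrs = new Map(); this.children = []; this.textContent = "";
  }
  setAttribute(k, v) { this.attrs.set(k, String(v)); }
  appendChild(c) { this.children.push(c); return c; }
  get outerHTML() {
    const a = [...this.attrs].map(([k, v]) => ` ${k}="${esc(v)}"`).join("");
    const inner = this.children.map((c) => c.outerHTML).join("") + esc(this.textContent);
    return `<${this.name}${a}>${inner}</${this.name}>`;
  }
}
const fakeDocument = { createElementNS: (_ns, name) => new FakeElement(name) };

const SVG_NS = "http://www.w3.org/2000/svg";

// Fragile: the value is spliced into markup, so a quote in it ends the attribute
// and whatever follows is parsed as markup.
function swatchByString(color) {
  return `<svg xmlns="${SVG_NS}"><rect width="10" height="10" fill="${color}"/></svg>`;
}

// Robust: each value is assigned as an attribute value or as text. It is never
// parsed as markup, so adding more values (a font style, a label) needs no
// per-value sanitizer to keep the document structure intact.
function swatchByDom(doc, { color, fontStyle, label }) {
  const svg = doc.createElementNS(SVG_NS, "svg");
  const rect = svg.appendChild(doc.createElementNS(SVG_NS, "rect"));
  rect.setAttribute("width", "10");
  rect.setAttribute("height", "10");
  rect.setAttribute("fill", color);
  const text = svg.appendChild(doc.createElementNS(SVG_NS, "text"));
  text.setAttribute("font-style", fontStyle);
  text.textContent = label;
  return svg;
}

// Constructed input: a "color" that carries a quote and extra markup.
const hostile = 'red"/><circle r="99';
const demo = swatchByDom(fakeDocument, { color: hostile, fontStyle: "italic", label: "a<b" });
console.log(swatchByString(hostile)); // gains a <circle> element
console.log(demo.outerHTML);          // still only svg, rect and text
```

The DOM route keeps the structure fixed; whether a given color or font style is a value you want to accept is still a separate validation question.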
