fix: DEV-2236: Stored XSS via SVG file

[dvwright]

• strip harmful tags from SVG files

[codecov]

Codecov Report

Merging #2273 (af45e0c) into develop (17b40da) will decrease coverage by 0.33%.
The diff coverage is n/a.

❗ Current head af45e0c differs from pull request most recent head 03d569b. Consider uploading reports for the commit 03d569b to get more accurate results

@@             Coverage Diff             @@
##           develop    #2273      +/-   ##
===========================================
- Coverage    77.80%   77.46%   -0.34%     
===========================================
  Files          137      139       +2     
  Lines         9951    10175     +224     
===========================================
+ Hits          7742     7882     +140     
- Misses        2209     2293      +84     

Impacted Files	Coverage Δ
label_studio/label_studio/users/mixins.py	75.00% <0.00%> (-12.50%)	⬇️
...bel_studio/label_studio/organizations/functions.py	66.66% <0.00%> (-10.26%)	⬇️
label_studio/label_studio/data_manager/managers.py	78.34% <0.00%> (-3.36%)	⬇️
label_studio/label_studio/users/forms.py	87.09% <0.00%> (-2.38%)	⬇️
label_studio/label_studio/tasks/serializers.py	84.27% <0.00%> (-2.27%)	⬇️
label_studio/label_studio/data_manager/api.py	83.75% <0.00%> (-1.97%)	⬇️
...abel_studio/label_studio/data_manager/functions.py	64.70% <0.00%> (-1.97%)	⬇️
.../label_studio/data_manager/actions/experimental.py	18.26% <0.00%> (-1.25%)	⬇️
..._studio/label_studio/data_manager/actions/basic.py	75.40% <0.00%> (-0.87%)	⬇️
label_studio/label_studio/tasks/models.py	89.20% <0.00%> (-0.85%)	⬇️
... and 25 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 013e681...03d569b. Read the comment docs.

[dvwright]

needs more testing, does work for the example provided by the user