Single quotation marks inside double-quoted strings are removed

[chris-morgan]

Example:

:root {
    background: url("data:image/svg+xml,%3csvg%20xmlns%3d'http://www.w3.org/2000/svg'/%3e");
}

This is cleaned to:

:root{background:url(data:image/svg+xml,%3csvg%20xmlns%3dhttp://www.w3.org/2000/svg/%3e)}

This is glaringly incorrect: it was fine to remove the double quotation marks, but definitely not to scrap the single quotation marks! The change breaks the embedded SVG.

If the data: URI contains ) or   it will leave all the quotes in, but that’s not a desirable solution.

As it stands, the workaround is to replace each ' with %27.

[jakubpawlowicz]

Thanks @chris-morgan for bringing this up. It should definitely keep single quotes. Btw, what's the method you escape inlined SVG?

[chris-morgan]

I have a habit of hand-writing SVG. Even hand-writing URL-encoded SVG.

The thing is that most of the encoding that something like encodeURIComponent will do isn’t necessary, and turns one byte into three for no purpose. (Sure, gzip will reclaim most of the delta, but meh.) Most browsers actually need practically no escaping—only making sure the quotes match and that # becomes %23; it’s just IE that is a little stricter (closer to the what the specs say, though even it is still more liberal than the spec). I just checked on IE 11 and it turns out that I can now skip encoding   and = as well, leaving in most cases only < → %3C, > →%3E and # → %23. (IE9 was stricter, needing uppercase %-escapes and a few more characters, but I normally don’t care about IE9.) Regular expressions help to replace those few.

SVG minimisation beyond what tools like SVGO do is a bit of a hobby of mine. I know far more about it all than is good for me.

[jakubpawlowicz]

Thanks for more details @chris-morgan. Let's fix it.

[jakubpawlowicz]

Fixed in 3.4.14.