From 5ca3e23c388c539b2df3b46adeb748aa2494abaf Mon Sep 17 00:00:00 2001
From: "David A. Harding" <dave@dtrt.org>
Date: Tue, 18 Aug 2015 08:29:44 -0400
Subject: [PATCH] Add gitAttributes file to treat SVGs as binary (not text)

Also prevent SVGs from containing Javascript
---
 .gitattributes | 1 +
 Makefile       | 7 ++++++-
 2 files changed, 7 insertions(+), 1 deletion(-)
 create mode 100644 .gitattributes

diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 00000000..ac5100d1
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1 @@
+*.svg  -diff
diff --git a/Makefile b/Makefile
index 6ac9385c..94c8849e 100644
--- a/Makefile
+++ b/Makefile
@@ -63,7 +63,8 @@ post-build-tests-fast: check-for-build-errors ensure-each-svg-has-a-png check-fo
     check-for-broken-kramdown-tables check-for-duplicate-header-ids \
     check-for-headers-containing-auto-link check-for-missing-subhead-links \
     check-for-subheading-anchors \
-    check-jshint
+    check-jshint \
+    check-for-javascript-in-svgs
 
 ## All pre-build tests, including those which might take multiple minutes
 pre-build-tests: pre-build-tests-fast
@@ -268,3 +269,7 @@ check-for-subheading-anchors:
 	$S grep -r -i --include \*.html -L 'Note: this file exempt from check-for-subheading-anchors check' _site/ \
 	  | xargs grep '<h[23456]' \
 	  | grep -v '<h[23456][^>]* id=' | eval $(ERROR_ON_OUTPUT)
+
+check-for-javascript-in-svgs:
+## Security check: don't allow any SVGs that contain Javascript.
+	$S find _site/ -name '*.svg' | xargs grep '<script' | eval $(ERROR_ON_OUTPUT)