Security News
How Threat Actors are Abusing GitHub’s File Upload Feature to Host Malware
GitHub is susceptible to a CDN flaw that allows attackers to host malware on any public repository.
react-svg
Advanced tools
Readme
A React component that injects SVG into the DOM.
Background | Basic Usage | Live Examples | API | Installation | FAQ | License
Let's say you have an SVG available at some URL, and you'd like to inject it into the DOM for various reasons. This module does the heavy lifting for you by delegating the process to @tanem/svg-injector, which makes an AJAX request for the SVG and then swaps in the SVG markup inline. The async loaded SVG is also cached, so multiple uses of an SVG only require a single server request.
import { createRoot } from 'react-dom/client'
import { ReactSVG } from 'react-svg'
const container = document.getElementById('root')
const root = createRoot(container)
root.render(<ReactSVG src="svg.svg" />)
Props
src
- The SVG URL.afterInjection(svg)
- Optional Function to call after the SVG is injected. svg
is the injected SVG DOM element. If an error occurs during execution it will be routed to the onError
callback, and if a fallback
is specified it will be rendered. Defaults to () => {}
.beforeInjection(svg)
- Optional Function to call just before the SVG is injected. svg
is the SVG DOM element which is about to be injected. If an error occurs during execution it will be routed to the onError
callback, and if a fallback
is specified it will be rendered. Defaults to () => {}
.desc
- Optional String used for SVG <desc>
element content. If a <desc>
exists it will be replaced, otherwise a new <desc>
is created. Defaults to ''
, which is a noop.evalScripts
- Optional Run any script blocks found in the SVG. One of 'always'
, 'once'
, or 'never'
. Defaults to 'never'
.fallback
- Optional Fallback to use if an error occurs during injection, or if errors are thrown from the beforeInjection
or afterInjection
functions. Can be a string, class component, or function component. Defaults to null
.httpRequestWithCredentials
- Optional Boolean indicating if cross-site Access-Control requests for the SVG should be made using credentials. Defaults to false
.loading
- Optional Component to use during loading. Can be a string, class component, or function component. Defaults to null
.onError(error)
- Optional Function to call if an error occurs during injection, or if errors are thrown from the beforeInjection
or afterInjection
functions. error
is an unknown
object. Defaults to () => {}
.renumerateIRIElements
- Optional Boolean indicating if SVG IRI addressable elements should be renumerated. Defaults to true
.title
- Optional String used for SVG <title>
element content. If a <title>
exists it will be replaced, otherwise a new <title>
is created. Defaults to ''
, which is a noop.useRequestCache
- Optional Use SVG request cache. Defaults to true
.wrapper
- Optional Wrapper element types. One of 'div'
, 'span'
or 'svg'
. Defaults to 'div'
.Other non-documented properties are applied to the outermost wrapper element.
Example
<ReactSVG
afterInjection={(svg) => {
console.log(svg)
}}
beforeInjection={(svg) => {
svg.classList.add('svg-class-name')
svg.setAttribute('style', 'width: 200px')
}}
className="wrapper-class-name"
desc="Description"
evalScripts="always"
fallback={() => <span>Error!</span>}
httpRequestWithCredentials={true}
loading={() => <span>Loading</span>}
onClick={() => {
console.log('wrapper onClick')
}}
onError={(error) => {
console.error(error)
}}
renumerateIRIElements={false}
src="svg.svg"
title="Title"
useRequestCache={false}
wrapper="span"
/>
⚠️This library depends on @tanem/svg-injector, which uses
Array.from()
. If you're targeting browsers that don't support that method, you'll need to ensure an appropriate polyfill is included manually. See this issue comment for further detail.
$ npm install react-svg
There are also UMD builds available via unpkg:
For the non-minified development version, make sure you have already included:
For the minified production version, make sure you have already included:
This module delegates it's core behaviour to @tanem/svg-injector, which requires the presence of a parent node when swapping in the SVG element. The swapping in occurs outside of React flow, so we don't want React updates to conflict with the DOM nodes @tanem/svg-injector
is managing.
Example output, assuming a div
wrapper:
<div> <!-- The wrapper, managed by React -->
<div> <!-- The parent node, managed by @tanem/svg-injector -->
<svg>...</svg> <!-- The swapped-in SVG, managed by @tanem/svg-injector -->
</div>
</div>
See:
Related issues and PRs:
MIT
FAQs
A React component that injects SVG into the DOM.
The npm package react-svg receives a total of 131,385 weekly downloads. As such, react-svg popularity was classified as popular.
We found that react-svg demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub is susceptible to a CDN flaw that allows attackers to host malware on any public repository.
Security News
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
Research
Security News
The Socket Research team found this npm package includes code for collecting sensitive developer information, including your operating system username, Git username, and Git email.