Add a toggle to skip the svg encoding of images #2106

Merged
merged 4 commits into from
Feb 7, 2024

Conversation

gwincr11
Contributor

@gwincr11 gwincr11 commented Feb 7, 2024

The svg being encoded to base64 introduced in #2018 is not a secure option for GitHub's use case. This PR adds an option to bypass this encoding so we can continue to use the standard svg output.

@blink1073 blink1073 changed the title add a toggle to skip the svg encoding of images Add a toggle to skip the svg encoding of images Feb 7, 2024
Contributor

@blink1073 blink1073 left a comment


Thank you!

@blink1073 blink1073 merged commit 87db94d into jupyter:main Feb 7, 2024
24 of 25 checks passed
@gwincr11
Contributor Author

gwincr11 commented Feb 7, 2024

Thanks!

@jstorrs
Contributor

jstorrs commented Feb 13, 2024

Can you provide some information about how base64 encoded XML is "not a secure option"?

Everything I've read is the opposite--bare SVG directly incorporated into the DOM is a major security problem unless that SVG is known to be trusted, since the SVG becomes indistinguishable from the DOM and has full access to the page. Specifically: see GHSL-2021-1018, which discloses this injection vulnerability in nbconvert.
Malicious SVG can include JavaScript, premature closing tags, etc. Base64 encoding the SVG specifically triggers isolation in browsers that prevents this sort of mischief. That isolation does not exist when the SVG is incorporated directly into the page, as this flag enables.

I have no issue with the flag being made available, but I find the discussion to be very misleading. This flag enables vulnerabilities and does not increase security at all. It should be clearly marked as enabling unsafe behavior IMHO.

@gwincr11
Contributor Author

I am not on the security teams, so I am not the expert here. What I can say is that in reviewing attack vectors in Python notebooks when building the notebook rendering service, base64 encoded data and image attributes were called out as a particular concern, so we strip all base64 encoded data regardless of where it is on the page. https://subfn.net/2020/04/14/base64-tricks/

We can more easily detect svg images and clear out what we don't want, the obfuscation of base64 makes it impossible to know what is in the payload.
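To make the two output paths debated above concrete, here is an added example that is not nbconvert's code and not from either commenter. The `render_inline` and `render_data_uri` functions are stand-ins for the two rendering paths (bare SVG in the DOM versus a base64 `data:` URI in an `<img>`), and the hostile SVG payload is constructed for illustration. The block shows what an HTML parser sees in each case, and that a base64 `data:` URI can be decoded and inspected by a sanitizer rather than being opaque.

```python
import base64
import re
from urllib.parse import unquote

# Constructed hostile SVG payload (not from the nbconvert issue): a valid
# drawing, then a premature </svg> followed by a script. Emitted inline, the
# HTML parser treats everything after </svg> as ordinary page markup.
MALICIOUS_SVG = (
    '<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">'
    '<rect width="10" height="10"/></svg>'
    '<script>alert(document.cookie)</script>'
)

# Base64 alphabet plus padding. None of these characters can close an
# attribute value (") or a tag (>), which is why the encoded form cannot
# break out of the src attribute it is placed in.
_B64_ALPHABET = re.compile(r"^[A-Za-z0-9+/]*={0,2}$")
_DATA_URI = re.compile(
    r"data:([\w/+.-]+)?(;charset=[\w-]+)?(;base64)?,([^\"'\s>]*)", re.IGNORECASE
)


def render_inline(svg):
    """Hypothetical renderer: SVG markup emitted straight into the page
    (the behaviour the new toggle restores)."""
    return f'<div class="output_svg">{svg}</div>'


def render_data_uri(svg):
    """Hypothetical renderer: SVG carried as a base64 data: URI in <img src>
    (the #2018 behaviour). The browser renders it as an image, not as DOM."""
    b64 = base64.b64encode(svg.encode("utf-8")).decode("ascii")
    assert _B64_ALPHABET.match(b64)  # the payload is inert inside an attribute
    return f'<div class="output_svg"><img src="data:image/svg+xml;base64,{b64}"></div>'


def html_tags(fragment):
    """Tags an HTML parser would see in the fragment."""
    return re.findall(r"<[^>]*>", fragment)


def has_script_tag(text):
    return re.search(r"<script\b", text, re.IGNORECASE) is not None


def decode_data_uris(fragment):
    """Return (mime, decoded_body) for every data: URI in the fragment.
    Base64 is an encoding, not encryption; a sanitizer can always look inside."""
    found = []
    for m in _DATA_URI.finditer(fragment):
        mime, _charset, is_b64, payload = m.groups()
        if is_b64:
            body = base64.b64decode(payload).decode("utf-8", "replace")
        else:
            body = unquote(payload)
        found.append((mime or "", body))
    return found


def script_hidden_in_data_uri(fragment):
    """True if any embedded data: URI decodes to markup containing <script>."""
    return any(has_script_tag(body) for _mime, body in decode_data_uris(fragment))


if __name__ == "__main__":
    inline = render_inline(MALICIOUS_SVG)
    encoded = render_data_uri(MALICIOUS_SVG)
    print("inline: tags seen by parser =", len(html_tags(inline)),
          "| <script> in DOM =", has_script_tag(inline))
    print("data URI: tags seen by parser =", len(html_tags(encoded)),
          "| <script> in DOM =", has_script_tag(encoded))
    print("script recoverable by decoding the data URI:",
          script_hidden_in_data_uri(encoded))
```

Two caveats worth keeping in mind when reading the thread. The isolation jstorrs describes comes from the `<img>` element rather than from base64 itself: a browser renders an SVG loaded as an image in a restricted mode where its scripts do not execute and it has no access to the embedding document, and a percent-encoded `data:image/svg+xml,...` URI gets the same treatment. Base64 is what keeps the markup an inert attribute value; it does not hide anything from a server-side sanitizer, which can decode the `data:` URI and apply the same SVG checks it would apply to inline markup, as `decode_data_uris` does here.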
