Fixed handling SVG files with missing tag

fix https://linear.app/tryghost/issue/SLO-151/[ghost]-cannot-read-properties-of-null-reading-attributes-an

- in the event the file doesn't contain a tag, the code currently crashes
  because it tries to read `attributes from `undefined`
- we can fix that by checking the first element exists before reading
  from it
- also includes a breaking test

ghost/core/core/server/web/api/middleware/upload.js

@@ -152,19 +152,23 @@ const checkFileIsValid = (fileData, types, extensions) => {
 };
 
 /**
- * 
+ *
- * @param {String} filepath 
+ * @param {String} filepath
  * @returns {Boolean}
- * 
+ *
  * Checks for the presence of <script> tags or 'on' attributes in an SVG file
- * 
+ *
  */
 const isSvgSafe = (filepath) => {
     const fileContent = fs.readFileSync(filepath, 'utf8');
     const document = new JSDOM(fileContent).window.document;
     document.body.innerHTML = fileContent;
     const svgEl = document.body.firstElementChild;
-    
+
+    if (!svgEl) {
+        return false;
+    }
+
     const attributes = Array.from(svgEl.attributes).map(({name}) => name);
     const hasScriptAttr = !!attributes.find(attr => attr.startsWith('on'));
     const scripts = svgEl.getElementsByTagName('script');

ghost/core/test/unit/server/web/api/middleware/upload.test.js

@@ -63,5 +63,10 @@ describe('web utils', function () {
             dirtySvgContent.should.not.containEql('<script');
             validation.isSvgSafe(filepath).should.be.true;
         });
+
+        it('returns false for malformed svg', async function () {
+            const filepath = path.join(__dirname, imageFixturePath, 'svg-malformed.svg');
+            validation.isSvgSafe(filepath).should.be.false;
+        });
     });
 });

ghost/core/test/utils/fixtures/images/svg-malformed.svg

@@ -0,0 +1 @@
+<