Better handling of SVG attributes which admit uri refs

Just strip out the URI ref, leaving alternates.

vendor/plugins/HTML5lib/lib/html5/sanitizer.rb

@@ -123,9 +123,9 @@ module HTML5
                 if val_unescaped =~ /^[a-z0-9][-+.a-z0-9]*:/ and !self.class.const_get("ALLOWED_PROTOCOLS").include?(val_unescaped.split(':')[0])
                   attrs.delete attr
                 end
-                SVG_ATTR_VAL_ALLOWS_REF.each do |attr|
-                  attrs.delete attr if attrs[attr].to_s.downcase =~ /url\(\s*[^#]/m
               end
+              SVG_ATTR_VAL_ALLOWS_REF.each do |attr|
+                attrs[attr] = attrs[attr].to_s.gsub(/url\s*\(\s*[^#\s][^)]+?\)/m, ' ') if attrs[attr]
               end
               if attrs['style']
                 attrs['style'] = sanitize_css(attrs['style'])

vendor/plugins/HTML5lib/testdata/sanitizer/tests1.dat

@@ -424,15 +424,15 @@
 
   {
     "name": "absolute_uri_refs_in_svg_attributes",
-    "input": "<rect fill='url(http://bad.com/)' />",
-    "rexml": "<rect></rect>",
-    "xhtml": "<rect></rect>",
-    "output": "<rect/>"
+    "input": "<rect fill='url(http://bad.com/) #fff' />",
+    "rexml": "<rect fill='  #fff'></rect>",
+    "xhtml": "<rect fill='  #fff'></rect>",
+    "output": "<rect fill='  #fff'/>"
   },
 
   {
     "name": "uri_ref_with_space_in svg_attribute",
-    "input": "<rect fill=\"url(\n#foo)\" />",
+    "input": "<rect fill='url(\n#foo)' />",
     "rexml": "<rect fill=\'url(\n#foo)\'></rect>",
     "xhtml": "<rect fill=\'url(\n#foo)\'></rect>",
     "output": "<rect fill=\'url(\n#foo)\'/>"
@@ -441,8 +441,8 @@
   {
     "name": "absolute_uri_ref_with_space_in svg_attribute",
     "input": "<rect fill=\"url(\nhttp://bad.com/)\" />",
-    "rexml": "<rect></rect>",
-    "xhtml": "<rect></rect>",
-    "output": "<rect/>"
+    "rexml": "<rect fill=' '></rect>",
+    "xhtml": "<rect fill=' '></rect>",
+    "output": "<rect fill=' '/>"
   }
 ]