Fix SVG rendering by converting base64 SVG data URIs to inline <svg>

[donny-wong]

Proposed Changes

(Describe your changes here. Also describe the motivation for your changes: what problem do they solve, or how do they improve the application or codebase? If this pull request fixes an open issue, use a keyword to link this pull request to the issue.)

Summary

nbconvert embeds notebook SVG output as <img src="data:image/svg+xml;base64,…">.
Those SVG data-URI images don't survive our HTML pipeline — the src is dropped
during sanitization — so the graphics render blank. inline_svg_data_uris decodes
each of those data URIs and inlines the SVG as real <svg> markup (stripping any
<?xml?> prolog/DOCTYPE/comments) before it's sanitized, so the figures render.

This PR adds ApplicationHelper#inline_svg_data_uris,
which finds those <img> tags and replaces each with the decoded <svg>…</svg>
markup inlined directly into the document, so the SVG renders as real markup
instead of an (un-rendered) image reference. Any <?xml?> prolog, DOCTYPE, or
comments preceding the root <svg> element are stripped.

Usage

Output is sanitized at the call site:

<%= sanitize(
      inline_svg_data_uris(@html_content),
      scrubber: Rails::HTML::PermitScrubber.new(prune: true)
    ) %>

Security considerations

• The helper performs no sanitization of its own. Inlining moves the SVG
  from a sandboxed <img src="data:…"> context (scripts inert) into live DOM
  (scripts can run), so every caller MUST sanitize the result.
• SVG is "foreign content" with a history of sanitizer bypasses; requires
  rails-html-sanitizer >= 1.6.1 and a patched Nokogiri.
• Returns a plain (non-html_safe) String by design.

Screenshots of your changes (if applicable)

Associated documentation repository pull request (if applicable)

Type of Change

(Write an X or a brief description next to the type or types that best describe your changes.)

Type	Applies?
🚨 Breaking change (fix or feature that would cause existing functionality to change)
✨ New feature (non-breaking change that adds functionality)
🐛 Bug fix (non-breaking change that fixes an issue)	x
🎨 User interface change (change to user interface; provide screenshots)
♻️ Refactoring (internal change to codebase, without changing functionality)
🚦 Test update (change that only adds or modifies tests)
📦 Dependency update (change that updates a dependency)
🔧 Internal (change that only affects developers or continuous integration)

Checklist

(Complete each of the following items for your pull request. Indicate that you have completed an item by changing the [ ] into a [x] in the raw text, or by clicking on the checkbox in the rendered description on GitHub.)

Before opening your pull request:

• I have performed a self-review of my changes.
  • Check that all changed files included in this pull request are intentional changes.
  • Check that all changes are relevant to the purpose of this pull request, as described above.
• I have added tests for my changes, if applicable.
  • This is required for all bug fixes and new features.
• I have updated the project documentation, if applicable.
  • This is required for new features.
• If this is my first contribution, I have added myself to the list of contributors.

After opening your pull request:

• I have updated the project Changelog (this is required for all changes).
• I have verified that the pre-commit.ci checks have passed.
• I have verified that the CI tests have passed.
• I have reviewed the test coverage changes reported by Coveralls.
• I have requested a review from a project maintainer.

Questions and Comments

(Include any questions or comments you have regarding your changes.)

[coveralls]

Coverage Report for CI Build 27396759596

Coverage increased (+0.01%) to 90.221%

Details

• Coverage increased (+0.01%) from the base build.
• Patch coverage: 66 of 66 lines across 2 files are fully covered (100%).
• No coverage regressions found.

Uncovered Changes

No uncovered changes found.

Coverage Regressions

No coverage regressions found.

---

Coverage Stats

Relevant Lines:	50338
Covered Lines:	46405
Line Coverage:	92.19%
Relevant Branches:	2284
Covered Branches:	1071
Branch Coverage:	46.89%
Branches in Coverage %:	Yes
Coverage Strength:	126.25 hits per line

---

💛 - Coveralls

[Naragod]

LGTM

[david-yz-liu]

@donny-wong I left one question, but also please update the PR description with a screenshot showing the SVG image that was rendered in the notebook.

[david-yz-liu]

I'm not sure why the scrubber was changed? Doesn't the TargetScrubber preserve the SVG?