Skip to main content

Upload Subscription Svg Route

POST 
/admin/subscriptions/:slug/svg

Upload an SVG variant for an existing subscription product.

Flow:

  1. Validate variant against the 4-value :data:_SUBSCRIPTION_SVG_VARIANTS whitelist (CHECK parity).
  2. Read the file up to _MAX_SVG_BYTES + 1 - one byte over the cap tells us the caller tried to exceed it without reading the whole (possibly huge) upload into memory.
  3. Sanitize through the hardened :func:sanitize_svg (XXE rejection, element / attribute whitelist, href / event handler stripping).
  4. Optimize through scour via :func:optimize_svg (graceful degrade on any scour error).
  5. Upsert via :func:db.subscription.upsert_subscription_svg.

sanitize_svg raises :class:ValueError on any failure - we translate that to :class:InvalidSvg so the existing _invalid_svg handler renders the canonical {"error": "invalid_svg", "message": "..."} body (SCRIFT-65 HTTP error-shape contract in IMPLEMENTATION_STANDARDS §4). Raising HTTPException(detail={"error": ...}) here would produce {"detail": {"error": ...}} instead - subtly but breakingly different for SDK consumers.

Request

Responses

Successful Response