Tim pointed out on bug 57550 that our SVG script checker doesn't check to ensure that the xml parser found the svg to be well formed. The checkSvgScriptCallback isn't called for any part of the svg following invalid xml, so anything that would be caught as a script in checkSvgScriptCallback is skipped.
In testing, it appears that modern versions of FF/Chrome/Opera all stop rendering svg files when they encounter invalid xml.
However, in case any older browsers ignore errors, we should also reject invalid xml for SVG uploads.
Version: unspecified
Severity: normal