SVGRenderer should not retain state between loading 2 different SVGs

[fsih]

SVGRenderer is confusing to use because it retains state. If we want to use SVGRenderer asynchronously, which we are discussing doing, we will need to maintain the state differently.

Steps to Reproduce

Explain what someone needs to do in order to see what's described in Actual behavior above

Operating System and Browser

e.g. Mac OS 10.11.6 Safari 10.0

[adroitwhiz]

If we want to use SVGRenderer asynchronously, which we are discussing doing

I'm curious what this is for! I know that fixing image dimensions from 2.0 SVGs (#58) requires loading those images to figure out their dimensions, which is asynchronous, but not sure if there's anything else happening now

[cwillisf]

Since SVG is such a flexible image format, we'd like to sandbox our handling of SVGs more thoroughly. Most of the sandboxing methods we're thinking about, like putting the measuring code into an iframe, would make more of the process asynchronous.

[apple502j]

If that's to prevent XSS or similar attacks (as we discussed in October), then we only need to put the SVG itself inside sandbox.

We probably need to use either data URI or blob as srcdoc does not work on Legacy Edge. With sandbox="" we can disable script execution, but the parent can still access the contents via contentDocument.