Is there SVG sanitization code which has been formally proven correct and itself free of security vulnerabilities?