I discovered this by accident. A client sent me an SVG logo for conversion. I converted it to PNG at svg2png.org. Everything looked fine.
Then the client noticed their old company name was embedded in the PNG's metadata. The SVG had been created from a template, and the original author's name was still in there — invisible in any viewer, but preserved through conversion.
What's Hiding in Your SVGs
SVG files can contain: creator names, software versions, file paths from the creator's computer, even GPS coordinates if the file was exported from location-tagged software. None of this shows up in a browser. All of it survives conversion to raster formats.
I checked 50 random SVGs from public sources. 38 of them had identifiable metadata. 12 included the creator's full name. 3 had internal network paths.
How to Check
Open any SVG in a text editor. Look for <metadata>, <dc:creator>, or <rdf:RDF> blocks. You'll be surprised what's in there.
How to Fix It
Before converting SVG to any raster format:
const parser = new DOMParser();
const svgDoc = parser.parseFromString(svgString, 'image/svg+xml');
const metadata = svgDoc.querySelector('metadata, rdf\:RDF, dc\:creator');
if (metadata) metadata.remove();
const cleanSvg = new XMLSerializer().serializeToString(svgDoc);
I added this metadata stripping to svg2png.org after discovering the issue. The converter now removes all embedded metadata before rendering to Canvas. Your converted PNGs contain only pixel data — no hidden history.
This also applies to other file types. I built similar privacy-first converters at webp2png.io and genbarcode.org — all stripping EXIF and metadata before processing.
Open your SVG files in a text editor. You might not like what you find.
Top comments (0)