Can someone help confirm if the following SVG code is safe to use?
For context, I am adding a loading spinner in my app and I found that adding SVG code inside the HTML element is an easy way to achieve this. I came across this site, Open Source SVG Loading Icons, that has many open source spinners. I checked some of its SVG code and it seems self-contained and safe, but my knowledge is limited.
That SVG code is safe; however, best practice is to not allow end-users to upload SVG at all, unless you serialize the code.
Serializing the code prevents malicious use cases like JavaScript injections and so forth.
To answer your question in general, SVG code CAN BE malicious. There are many cases where bad actors will inject unsafe code into platforms/uploaders that allow SVG without serialization processing.
What about me as the developer using SVG code in an HTML element to display the loading spinner? Is that safe or is that prone to malicious injections too?
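As an added example (not part of the original posts), here is one way a developer could check a copied SVG for the script-bearing constructs the answer above alludes to before pasting it inline. The sample SVG strings and the function names are constructed for illustration, and an empty result only means none of these specific patterns were found.

```python
import xml.etree.ElementTree as ET

# Elements that run script or embed arbitrary HTML / external documents.
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "object", "embed"}

# Constructed sample: a plain animated spinner with no active content.
SPINNER = """<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 50 50">
  <circle cx="25" cy="25" r="20" fill="none" stroke="#333" stroke-width="4">
    <animateTransform attributeName="transform" type="rotate"
        from="0 25 25" to="360 25 25" dur="1s" repeatCount="indefinite"/>
  </circle></svg>"""

# Constructed sample: same idea, but carrying three script-capable constructs.
TAMPERED = """<svg xmlns="http://www.w3.org/2000/svg" onload="void 0">
  <script>/* placeholder */</script>
  <a href="javascript:void(0)"><circle r="5"/></a></svg>"""

def local(name):
    """Strip an XML namespace: '{http://www.w3.org/2000/svg}script' -> 'script'."""
    return name.rsplit("}", 1)[-1]

def audit_svg(svg_text):
    """Return a list of findings; empty means none of the checked patterns matched."""
    # Refuse DTDs outright: a spinner never needs one, and they allow entity tricks.
    upper = svg_text.upper()
    if "<!DOCTYPE" in upper or "<!ENTITY" in upper:
        return ["DOCTYPE/ENTITY declaration present"]
    try:
        root = ET.fromstring(svg_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    findings = []
    for el in root.iter():
        tag = local(el.tag)
        if tag.lower() in ACTIVE_ELEMENTS:
            findings.append(f"<{tag}> element")
        for attr, value in el.attrib.items():
            name = local(attr).lower()
            # Event handler attributes (onload, onclick, ...) execute JavaScript.
            if name.startswith("on"):
                findings.append(f"<{tag}> event handler attribute {name}")
            # Drop whitespace/control characters before testing the URL scheme.
            compact = "".join(ch for ch in value if ch > " ").lower()
            if name in ("href", "src") and compact.startswith("javascript:"):
                findings.append(f"<{tag}> {name} uses a javascript: URL")
    return findings
```
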