This was a long-time issue in #gitea as well, where GH did offer SVG support, Gitea did not.
Here's the discussion. I did not look into the PR code, but believe they sanitize the SVG code. There's also a link to possible exploits if not doing that.
@humanetech @secretpeej @Mastodon @pixelfed sanitizing SVG is a fiendishly complicated affair, but it got better since last time I needed to deal with it -- `Content-Security-Policy: script-src 'none'` now exists.
This does require a separate domain/subdomain for hosting SVGs though, complicating deployment.
That's why I think converting server-side is the way to go.
The original server operated by the Mastodon gGmbH non-profit