BTW, HTML allows inline SVG with an XML-flavored syntax that interprets <script/> and <title> differently. It's a goldmine for sanitizer escapes. There are completely bonkers syntax switching and error recovery rules that interact with parsing modes (there's even an edge case where a particular attribute value switches between HTML and XML-ish parsing rules).
Don't even try to allow inline <svg> from untrusted sources! (and then you still must sanitise any svg files you host)
If you just serve SVGs through <img> tag it’ll be much safer. I never understood the appeal of inline <svg> anyways.
Inline SVG is stylable with CSS styles in the same HTML page.
Also animatible with the same context (Animation API, etc.) as the parent page, so different SVGs can influence each other’s animations.
Inline reduces round trips.
You can use img with a data url?