Hello
After fixing the XXE vulnerability, Inkscape can no longer read SVGs that use entities in URLs. Notable cases include SVGs saved from Adobe Illustrator. There does not seem to be a way to replace these entities without reintroducing the XXE vulnerability. https://bugs.launchpad.net/inkscape/+bug/166371
I just wanted to point out that the best way to solve this would be to use libxml2's SAX parser or the newer XmlTextReader parser to directly construct the tree of Inkscape::XML::Node's, instead of postprocessing the XML tree obtained from the DOM-like parser. With this approach, we could intelligently substitute only string entities and ignore entities that point to URLs or external files. An additional bonus would be a reduction in memory use and load time, since the libxml2 DOM tree would not be created. http://www.xmlsoft.org/xmlreader.html
Regards, Krzysztof
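
An added example, not Inkscape code and not part of the original message: the selective substitution described above, sketched with Python's expat bindings instead of libxml2's SAX or XmlTextReader API. The `Node` class, `parse_svg` and the sample document are constructed for illustration. The tree is built directly from parser events, internal string entities are expanded, and the external entity is never opened.

```python
import xml.parsers.expat

# Constructed sample: Illustrator-style internal string entities used in
# attribute values, plus one external entity (placeholder path).
SAMPLE = b"""<?xml version="1.0"?>
<!DOCTYPE svg [
  <!ENTITY ns_svg "http://www.w3.org/2000/svg">
  <!ENTITY ns_xlink "http://www.w3.org/1999/xlink">
  <!ENTITY ext SYSTEM "file:///placeholder/secret.txt">
]>
<svg xmlns="&ns_svg;" xmlns:xlink="&ns_xlink;"><title>t&ext;</title></svg>
"""

class Node:
    """Hypothetical stand-in for Inkscape::XML::Node."""
    def __init__(self, name, attrs):
        self.name, self.attrs, self.text, self.children = name, attrs, "", []

def parse_svg(data):
    """Build the node tree directly from parser events.

    Returns (root, skipped): skipped lists the system identifiers of
    external entities that were referenced but never opened.
    """
    parser = xml.parsers.expat.ParserCreate()
    stack, roots, skipped = [], [], []

    def start(name, attrs):
        # expat has already expanded internal (string) entities in attrs.
        node = Node(name, attrs)
        (stack[-1].children if stack else roots).append(node)
        stack.append(node)

    def chars(text):
        stack[-1].text += text

    def external_ref(context, base, system_id, public_id):
        # Record the reference and report it as handled without fetching
        # anything; a nonzero return lets parsing continue.
        skipped.append(system_id)
        return 1

    parser.StartElementHandler = start
    parser.EndElementHandler = lambda name: stack.pop()
    parser.CharacterDataHandler = chars
    parser.ExternalEntityRefHandler = external_ref
    parser.Parse(data, True)
    return roots[0], skipped
```
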