Allow embedded resource URLs if external resources are disabled

imageio/imageio-batik/src/main/java/com/twelvemonkeys/imageio/plugins/svg/SVGImageReader.java

@@ -655,7 +655,7 @@ public class SVGImageReader extends ImageReaderBase {
                 if (allowExternalResources) {
                     return super.getExternalResourceSecurity(resourceURL, docURL);
                 }
-                return new NoLoadExternalResourceSecurity();
+                return new EmbededExternalResourceSecurity(resourceURL);
             }
         }
     }

imageio/imageio-batik/src/test/java/com/twelvemonkeys/imageio/plugins/svg/SVGImageReaderTest.java

@@ -297,6 +297,25 @@ public class SVGImageReaderTest extends ImageReaderAbstractTest<SVGImageReader>
         }
     }
 
+    @Test
+    public void testReadEmbeddedWithDisallowExternalResources() throws IOException{
+        // File using "data:" URLs for embedded resources
+        URL resource = getClassLoaderResource("/svg/embedded-data-resource.svg");
+        SVGImageReader reader = createReader();
+
+        TestData data = new TestData(resource, (Dimension) null);
+        try (ImageInputStream stream = data.getInputStream()) {
+            reader.setInput(stream);
+
+            SVGReadParam param = reader.getDefaultReadParam();
+            param.setAllowExternalResources(false);
+            reader.read(0, param);
+        }
+        finally {
+            reader.dispose();
+        }
+    }
+
     @Test(expected = SecurityException.class)
     public void testDisallowedExternalResources() throws URISyntaxException, IOException {
         // system-property set to true in surefire-plugin-settings in the pom