https://github.com/wikimedia/mediawiki/blob/master/includes/upload/UploadBase.php#L1402
The bug with HREF validation in svg.
as described "# href with non-local target (don't allow http://, javascript:, etc)" it should filter out all non-local links, but it allows it.
How to fix: remove negation
if ($strippedElement === 'a'
&& preg_match( '!^https?://!im', $value ) )
){
...