[wp-trac] [WordPress Trac] #24251: Reconsider SVG inclusion to get_allowed_mime_types

WordPress Trac noreply at wordpress.org
Wed Jun 3 22:28:08 UTC 2015


#24251: Reconsider SVG inclusion to get_allowed_mime_types
---------------------------+-------------------------
 Reporter:  JustinSainton  |       Owner:
     Type:  enhancement    |      Status:  closed
 Priority:  normal         |   Milestone:
Component:  Upload         |     Version:
 Severity:  normal         |  Resolution:  maybelater
 Keywords:                 |     Focuses:
---------------------------+-------------------------
Changes (by jorbin):

 * status:  reopened => closed
 * resolution:   => maybelater


Comment:

 >What an asinine response.

 Please be respectful when discussing issues.

 Discussion can (and should) continue with the ticket closed. Until there
 exists a well tested and maintained library for svg sanitation, nothing is
 going to change here. As @iandunn correctly points out:

 >Mario Heiderich, one of the researchers who popularized the security
 issues, tried writing a sanitizer and
 [http://security.stackexchange.com/questions/26264/what-does-a-html-filter-need-to-do-to-protect-against-svg-attacks/30390#30390 found it to be harder]
 than even he imagined.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/24251#comment:31>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

