[wp-trac] [WordPress Trac] #24251: Reconsider SVG inclusion to get_allowed_mime_types
WordPress Trac
noreply at wordpress.org
Mon Mar 27 19:24:23 UTC 2023
#24251: Reconsider SVG inclusion to get_allowed_mime_types
-------------------------------+------------------------------
Reporter: JustinSainton | Owner: (none)
Type: enhancement | Status: reopened
Priority: normal | Milestone: Awaiting Review
Component: Upload | Version:
Severity: normal | Resolution:
Keywords: early 2nd-opinion | Focuses:
-------------------------------+------------------------------
Comment (by joostdevalk):
> On the other hand perhaps WP may be "overthinking" this a little? Not
sure if SVGs are more insecure than JS. Yet any admin and editor (on
single site) can add any JS to any post. So perhaps uploading of SVGs may
be enabled but only by users with unfiltered_html capability and perhaps
with a nice, big warning in the UI?
I'm 100% in favor of doing this as a first step. We need SVG support
people!
Of course, I'd be even more in favor of just merging
[https://wordpress.org/plugins/safe-svg/ something like this] (which, I
know, was a proof of concept for this ticket).
--
Ticket URL: <https://core.trac.wordpress.org/ticket/24251#comment:105>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list