[wp-trac] [WordPress Trac] #24251: Reconsider SVG inclusion to get_allowed_mime_types
WordPress Trac
noreply at wordpress.org
Thu May 2 20:04:49 UTC 2013
#24251: Reconsider SVG inclusion to get_allowed_mime_types
------------------------------------+------------------------------
Reporter: JustinSainton | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Upload | Version:
Severity: minor | Resolution:
Keywords: has-patch dev-feedback |
------------------------------------+------------------------------
Comment (by chriscct7):
I would point out there are security issues with SVGs that need to be
dealt with before SVG's become a security loophole upon incorportation
into WordPress:
[http://www.w3.org/TR/SVGTiny12/mimereg.html Ref[1]]: List of security
issues with SVG by the W3C
[https://www.owasp.org/images/0/03/Mario_Heiderich_OWASP_Sweden_The_image_that_called_me.pdf
Ref[2]]: The SVG that called a person
--
Ticket URL: <http://core.trac.wordpress.org/ticket/24251#comment:8>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list