[wp-trac] [WordPress Trac] #24251: Reconsider SVG inclusion to get_allowed_mime_types

WordPress Trac noreply at wordpress.org
Tue Apr 14 21:52:19 UTC 2015

#24251: Reconsider SVG inclusion to get_allowed_mime_types
 Reporter:  JustinSainton             |       Owner:
     Type:  enhancement               |      Status:  new
 Priority:  normal                    |   Milestone:  Awaiting Review
Component:  Upload                    |     Version:
 Severity:  minor                     |  Resolution:
 Keywords:  dev-feedback needs-patch  |     Focuses:

Comment (by LewisCowles):

 #31258 has a patch I submitted combining upload support with media gallery
 (including grid) support, feel free to check it out.

 Can I just also make the point (from my post on #31973)

 > Sanitizing authorized user upload and input is a problem! It is not a
 feature, nor a benefit; it is most certainly not an improvement! It's like
 not letting a kid outside because they could hurt themselves or others,
 based on the fact they have hands, and hands can hold sharp pointy

 > I hope you can understand my passion and the point I am trying to make.

 The W3C & Slideshare linked btw, are also not reasons to not include SVG
 in WP core. I Have been stopping clients slamming hard-coded CSS and JS
 into their code since 2010, through explanation that it is not good for
 organisation and messes up their pages. It is a feature, not a bug, that
 SVG's with script tags can be uploaded, and it should be incumbent on site
 owners and contributors to see that authorized accessors of their
 installation of WordPress does not do such things.

 Bugs are softwae behaving in a way that is not expected. When I try to
 upload an SVG file, I expect it to upload. If it is invalid it is
 unreasonable of the author or distributor to think this is a WordPress
 issue. If I type script tags int an SVG and WordPress removes them without
 me asking it to, it is therefore unexpected and a bug!

Ticket URL: <https://core.trac.wordpress.org/ticket/24251#comment:22>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list