[wp-trac] [WordPress Trac] #24251: Reconsider SVG inclusion to get_allowed_mime_types
WordPress Trac
noreply at wordpress.org
Tue Jul 7 03:38:14 UTC 2015
#24251: Reconsider SVG inclusion to get_allowed_mime_types
---------------------------+-----------------------
Reporter: JustinSainton | Owner:
Type: enhancement | Status: reopened
Priority: normal | Milestone:
Component: Upload | Version:
Severity: normal | Resolution:
Keywords: early | Focuses:
---------------------------+-----------------------
Comment (by chriscct7):
Replying to [comment:42 enshrined]:
> I'm not aware of any established SVG sanitization libraries out there
> but please do let me know if you've seen one. Wikimedia have a version
> baked into their uploads handler (below) which I'll pull apart at some
> point but from the looks of it, it's very regex based. I'll try and get in
> contact with someone R.E. that though to see why they did it that way
>
> https://git.wikimedia.org/raw/mediawiki%2Fcore.git/eba9321b2b75823f8e9797398f44944e8a05389a/includes%2Fupload%2FUploadBase.php
From my understanding of Wikimedia's system, they actually upload the SVG
and then after sanitizing it they convert it to a PNG, thus solving the
security issues, but also in the process losing all the benefits of having
an SVG in the first place.
From https://www.mediawiki.org/wiki/Manual:Image_administration
> MediaWiki supports SVG image rendering: if enabled, SVG images can be
> used like other image files — they will automatically be rendered as a PNG
> file and thumbnailed as needed on the fly.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/24251#comment:43>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
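
The thread contrasts regex-based SVG checks with the lack of an established sanitization library. The following is an added example, not part of the original message and not WordPress or MediaWiki code, showing the alternative shape: parse the upload as XML and accept only allowlisted elements and attributes. The allowlists, the names `check_svg`, `NoDoctypeBuilder` and `DoctypeForbidden`, and the sample inputs are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SVG_NS = "{http://www.w3.org/2000/svg}"
XLINK_HREF = "{http://www.w3.org/1999/xlink}href"
# Assumed allowlists, kept short for illustration; a real policy needs review.
ALLOWED_ELEMENTS = {"svg", "g", "path", "rect", "circle", "line", "polygon",
                    "title", "desc", "defs", "use"}
ALLOWED_ATTRS = {"id", "d", "x", "y", "cx", "cy", "r", "points", "width",
                 "height", "viewBox", "fill", "stroke", "transform"}

class DoctypeForbidden(Exception):
    pass

class NoDoctypeBuilder(ET.TreeBuilder):
    def doctype(self, name, pubid, system):
        # Entity declarations live in the DOCTYPE, so refuse the file outright.
        raise DoctypeForbidden(name)

def check_svg(data):
    """Return a list of policy violations; an empty list means the file passed."""
    parser = ET.XMLParser(target=NoDoctypeBuilder())
    try:
        parser.feed(data)
        root = parser.close()
    except DoctypeForbidden:
        return ["DOCTYPE not allowed"]
    except ET.ParseError as exc:
        return ["not well-formed XML: %s" % exc]
    problems = []
    for el in root.iter():
        local = el.tag[len(SVG_NS):] if el.tag.startswith(SVG_NS) else None
        if local not in ALLOWED_ELEMENTS:
            problems.append("element not allowed: %s" % el.tag)
            continue
        for name, value in el.attrib.items():
            if name in ("href", XLINK_HREF):
                # Permit only same-document fragment references such as "#icon".
                if not value.strip().startswith("#"):
                    problems.append("external reference on <%s>" % local)
            elif name not in ALLOWED_ATTRS:
                # on* handlers and style are simply absent from the allowlist.
                problems.append("attribute not allowed on <%s>: %s" % (local, name))
    return problems

# Constructed sample uploads (not taken from the ticket).
CLEAN = b'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 9 9"><path d="M0 0h9v9z"/></svg>'
SCRIPTED = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="init()"><script>init()</script>'
            b'<use href="https://example.invalid/a.svg#i"/></svg>')
WITH_DOCTYPE = b'<!DOCTYPE svg [<!ENTITY e "x">]><svg xmlns="http://www.w3.org/2000/svg"/>'
```

This check only accepts or rejects a file; it does not rewrite it, and it does not inspect CSS or the contents of allowlisted attributes.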