[wp-trac] [WordPress Trac] #24251: Reconsider SVG inclusion to get_allowed_mime_types
WordPress Trac
noreply at wordpress.org
Tue Jul 7 21:18:26 UTC 2015
#24251: Reconsider SVG inclusion to get_allowed_mime_types
---------------------------+-----------------------
Reporter: JustinSainton | Owner:
Type: enhancement | Status: reopened
Priority: normal | Milestone:
Component: Upload | Version:
Severity: normal | Resolution:
Keywords: early | Focuses:
---------------------------+-----------------------
Comment (by chriscct7):
Replying to [comment:45 enshrined]:
> Replying to [comment:43 chriscct7]:
> > From my understanding of Wikimedia's system, they actually upload the
SVG and then after sanitizing it they convert it to a PNG, thus solving
the security issues, but also in the process losing all the benefits of
having an SVG in the first place.
> >
> > From https://www.mediawiki.org/wiki/Manual:Image_administration
> > > MediaWiki supports SVG image rendering: if enabled, SVG images can
be used like other image files — they will automatically be rendered as a
PNG file and thumbnailed as needed on the fly.
>
> Yeah that seems correct, from what I can see they remove any script
elements and then just convert to multiple PNGs of different sizes. They
then serve the PNGs as the images on-site and just offer the SVG as a
direct download from the media page.
Yeah they're just sanitizing it enough so that there isn't any security
concerns when running the SVG to PNG converter
--
Ticket URL: <https://core.trac.wordpress.org/ticket/24251#comment:46>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list