[wp-trac] [WordPress Trac] #24251: Reconsider SVG inclusion to get_allowed_mime_types
WordPress Trac
noreply at wordpress.org
Wed Jun 3 13:24:34 UTC 2015
#24251: Reconsider SVG inclusion to get_allowed_mime_types
---------------------------+-----------------------
Reporter: JustinSainton | Owner:
Type: enhancement | Status: reopened
Priority: normal | Milestone:
Component: Upload | Version:
Severity: normal | Resolution:
Keywords: | Focuses:
---------------------------+-----------------------
Changes (by Kelderic):
* status: closed => reopened
* resolution: wontfix =>
Comment:
The argument here seems to be whether scripts and in general insecure SVGs
should be allowed. However, what is the objection to allowing SVGs but
sanitizing them, as in one of the attached patches? If the SVG is changed,
the user could be notified with something like "Image upload was
successful. However, there was potentially insecure code inside the image
which has been removed. Please check your image to see if it still appears
correctly. For more information, see [Link]"?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/24251#comment:29>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list