[wp-trac] [WordPress Trac] #24251: Reconsider SVG inclusion to get_allowed_mime_types
WordPress Trac
noreply at wordpress.org
Wed Jun 3 22:28:08 UTC 2015
#24251: Reconsider SVG inclusion to get_allowed_mime_types
---------------------------+-------------------------
Reporter: JustinSainton | Owner:
Type: enhancement | Status: closed
Priority: normal | Milestone:
Component: Upload | Version:
Severity: normal | Resolution: maybelater
Keywords: | Focuses:
---------------------------+-------------------------
Changes (by jorbin):
* status: reopened => closed
* resolution: => maybelater
Comment:
>What an assinine response.
Please be respectful when discussing issues.
Discussion can (and should) continue with the ticket closed. Until there
exists a well tested and maintained library for svg sanitation, nothing is
going to change here. As @iandunn correctly points out:
>Mario Heiderich, one of the researchers who popularized the security
issues, tried writing a sanitizer and
[http://security.stackexchange.com/questions/26264/what-does-a-html-
filter-need-to-do-to-protect-against-svg-attacks/30390#30390 found it to
be harder] than even he imagined.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/24251#comment:31>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list