[wp-trac] [WordPress Trac] #46636: Error for SVG
WordPress Trac
noreply at wordpress.org
Mon Mar 25 12:52:29 UTC 2019
#46636: Error for SVG
------------------------------+------------------------
Reporter: prajakta gadhave | Owner: (none)
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: General | Version:
Severity: normal | Resolution: duplicate
Keywords: needs-patch | Focuses:
------------------------------+------------------------
Changes (by swissspidy):
* status: new => closed
* resolution: => duplicate
* milestone: Awaiting Review =>
Comment:
The original report for reference:
https://github.com/WordPress/gutenberg/issues/14610
By default, users without the `unfiltered_html` capability are not allowed
to upload SVG files for security reaons, and it seems the same applies to
manually adding `svg` elements in post content. SVGs can contain malicious
JavaScript, and it's not trivial to sanitize them. There are plugins that
[https://wordpress.org/plugins/safe-svg/ utilize] dedicated libraries for
this.
For your block you could think about rendering them in PHP using
`render_callback` instead of saving any SVG directly.
Apart from that, we are tracking SVG support in core in #24251, so I am
closing this ticket here as a duplicate in order to keep discussion at one
place.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/46636#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list