[wp-trac] [WordPress Trac] #24251: Reconsider SVG inclusion to get_allowed_mime_types

WordPress Trac noreply at wordpress.org
Thu Feb 6 20:02:40 UTC 2020

#24251: Reconsider SVG inclusion to get_allowed_mime_types
 Reporter:  JustinSainton  |       Owner:  (none)
     Type:  enhancement    |      Status:  reopened
 Priority:  normal         |   Milestone:  Awaiting Review
Component:  Upload         |     Version:
 Severity:  normal         |  Resolution:
 Keywords:  early          |     Focuses:

Comment (by douglasuk):

 It's about time WordPress entered the modern era and allowed for both WebP
 and SVG natively. I hear about the concerns over code injection, which I
 think are rather overblown for most small sites (which I guess is the vast
 majority of users). I put svg direct into style sheets, direct into
 templates, but I can't (without a plugin) put them into the media store:
 it doesn't make sense.

 SVG scripts are supposed to be ringfenced: they shouldn't be able to get
 outside of the SVG container. If someone writes a browser badly, well,
 security loopholes always need fixing.

 If an administrator wants to stop someone uploading graphics, or animated
 graphics (gif, png, svg), or just a particular type of graphic, that makes
 some sense. It does not make sense to refuse to allow the full gamut of
 what an SVG can do by automatically 'sanitizing' the code: that just makes
 WordPress less than it could be, or makes me keep bodging it by inclusion
 in theme files.

Ticket URL: <https://core.trac.wordpress.org/ticket/24251#comment:90>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list