[wp-trac] [WordPress Trac] #24251: Reconsider SVG inclusion to get_allowed_mime_types
WordPress Trac
noreply at wordpress.org
Thu Feb 6 20:02:40 UTC 2020
#24251: Reconsider SVG inclusion to get_allowed_mime_types
---------------------------+------------------------------
Reporter: JustinSainton | Owner: (none)
Type: enhancement | Status: reopened
Priority: normal | Milestone: Awaiting Review
Component: Upload | Version:
Severity: normal | Resolution:
Keywords: early | Focuses:
---------------------------+------------------------------
Comment (by douglasuk):
It's about time WordPress entered the modern era and allowed for both WebP
and SVG natively. I hear about the concerns over code injection, which I
think are rather overblown for most small sites (which I guess is the vast
majority of users). I put svg direct into style sheets, direct into
templates, but I can't (without a plugin) put them into the media store:
it doesn't make sense.
SVG scripts are supposed to be ringfenced: they shouldn't be able to get
outside of the SVG container. If someone writes a browser badly, well,
security loopholes always need fixing.
If an administrator wants to stop someone uploading graphics, or animated
graphics (gif, png, svg), or just a particular type of graphic, that makes
some sense. It does not make sense to refuse to allow the full gamut of
what an SVG can do by automatically 'sanitizing' the code: that just makes
WordPress less than it could be, or makes me keep bodging it by inclusion
in theme files.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/24251#comment:90>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list