[wp-trac] [WordPress Trac] #24251: Reconsider SVG inclusion to get_allowed_mime_types
WordPress Trac
noreply at wordpress.org
Wed Nov 16 16:45:46 UTC 2022
#24251: Reconsider SVG inclusion to get_allowed_mime_types
---------------------------+------------------------------
Reporter: JustinSainton | Owner: (none)
Type: enhancement | Status: reopened
Priority: normal | Milestone: Awaiting Review
Component: Upload | Version:
Severity: normal | Resolution:
Keywords: early | Focuses:
---------------------------+------------------------------
Comment (by iandunn):

A few years have passed, and Safe SVG now has 700k active installs, and is
being maintained by 10up. I think those are positive signals, but I still
suspect that [https://core.trac.wordpress.org/ticket/24251#comment:34 any
PHP approach is fundamentally insecure].

I'd be very happy to be proven wrong, though, since allowing SVG uploads
would be a great feature. I think the best thing to do would be to hire
[https://cure53.de/ Cure53] to do an expert audit of the underlying
library. If it passes that (or can be made to pass), then I wouldn't have
any objections to moving forward.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/24251#comment:99>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform