Stars: 202
Forks: 28
Pull Requests: 89
Issues: 63
Watchers: 50
Last Updated: 2023-09-15 13:33:53
Enable SVG uploads and sanitize them to stop XML/SVG vulnerabilities in your WordPress website.
License: GNU General Public License v2.0
Languages: CSS, PHP, Shell, JavaScript, SCSS
Safe SVG is the best way to Allow SVG Uploads in WordPress!
It gives you the ability to allow SVG uploads whilst making sure that they're sanitized to stop SVG/XML vulnerabilities affecting your site. It also gives you the ability to preview your uploaded SVGs in the media library in all views.
add_filter( 'safe_svg_optimizer_enabled', '__return_true' );
Initially a proof of concept for #24251.
SVG Sanitization is done through the following library: https://github.com/darylldoyle/svg-sanitizer.
SVG Optimization is done through the following library: https://github.com/svg/svgo.
Install through the WordPress directory or download, unzip and upload the files to your /wp-content/plugins/ directory.
Yes, this can be done using the svg_allowed_attributes and svg_allowed_tags filters. They take one argument that must be returned. See below for examples:
add_filter( 'svg_allowed_attributes', function ( $attributes ) {
	// Do what you want here...
	// This should return an array, so add your attributes
	// to the $attributes array before returning it, e.g.
	$attributes[] = 'target'; // This would allow the target="" attribute.
	return $attributes;
} );
add_filter( 'svg_allowed_tags', function ( $tags ) {
	// Do what you want here...
	// This should return an array, so add your tags
	// to the $tags array before returning it, e.g.
	$tags[] = 'use'; // This would allow the <use> element.
	return $tags;
} );
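What an allowlist pass of this kind does to an upload, and how one extra allowlist entry changes the result, shown as an added example. It is not code from Safe SVG or svg-sanitizer; demo_sanitize_svg(), the sample upload and the two short lists are hypothetical and constructed for illustration.

```php
<?php
// Added illustration only: a simplified allowlist pass, not Safe SVG's or
// svg-sanitizer's code. demo_sanitize_svg() and both lists are hypothetical.
function demo_sanitize_svg( string $svg, array $allowed_tags, array $allowed_attrs ): string {
	$allowed_tags  = array_map( 'strtolower', $allowed_tags );
	$allowed_attrs = array_map( 'strtolower', $allowed_attrs );

	$dom = new DOMDocument();
	// LIBXML_NONET: never touch the network while parsing an untrusted file.
	if ( ! @$dom->loadXML( $svg, LIBXML_NONET ) ) {
		return ''; // Not well-formed XML: reject the upload.
	}
	if ( $dom->doctype ) {
		$dom->removeChild( $dom->doctype ); // Drop DOCTYPE and its entity declarations.
	}

	// Snapshot first: removing nodes while walking a live node list skips items.
	foreach ( iterator_to_array( $dom->getElementsByTagName( '*' ), false ) as $el ) {
		if ( ! in_array( strtolower( $el->localName ), $allowed_tags, true ) ) {
			if ( $el->parentNode ) {
				$el->parentNode->removeChild( $el ); // Removes the element and its subtree.
			}
			continue;
		}
		foreach ( iterator_to_array( $el->attributes, false ) as $attr ) {
			if ( ! in_array( strtolower( $attr->nodeName ), $allowed_attrs, true ) ) {
				$el->removeAttributeNode( $attr );
			}
		}
	}
	// This sketch filters names only; it does not inspect attribute values.
	return $dom->documentElement ? $dom->saveXML( $dom->documentElement ) : '';
}

// Constructed sample upload with a scripting element and an event-handler attribute.
$upload = '<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10" onload="alert(1)">'
	. '<script>alert(1)</script>'
	. '<a href="#top" target="_blank"><circle cx="5" cy="5" r="4"/></a></svg>';

$tags  = array( 'svg', 'a', 'circle' );
$attrs = array( 'viewBox', 'href', 'cx', 'cy', 'r' );

// <script>, onload and target are all absent from the lists, so all three are dropped.
echo demo_sanitize_svg( $upload, $tags, $attrs ), "\n";

// Mirrors the svg_allowed_attributes example on this page: target now survives,
// so every entry added to an allowlist is something the sanitizer stops removing.
$attrs[] = 'target';
echo demo_sanitize_svg( $upload, $tags, $attrs ), "\n";
```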
Stable: 10up is not planning to develop any new features for this, but will still respond to bug reports and security concerns. We welcome PRs, but any that include new features should be small and easy to integrate and should not include breaking changes. We otherwise intend to keep this tested up to the most recent version of WordPress.
A complete listing of all notable changes to Safe SVG is documented in CHANGELOG.md.
Please read CODE_OF_CONDUCT.md for details on our code of conduct, CONTRIBUTING.md for details on the process for submitting pull requests to us, and CREDITS.md for a listing of maintainers of, contributors to, and libraries used by Safe SVG.