iandelmar / safe-svg

This project forked from 10up/safe-svg


Enable SVG uploads and sanitize them to stop XML/SVG vulnerabilities in your WordPress website.

Home Page: https://wordpress.org/plugins/safe-svg/

License: GNU General Public License v2.0


Safe SVG


Overview

Safe SVG is the best way to Allow SVG Uploads in WordPress!

It gives you the ability to allow SVG uploads whilst making sure that they're sanitized to stop SVG/XML vulnerabilities affecting your site. It also gives you the ability to preview your uploaded SVGs in the media library in all views.

Current Features

  • Sanitised SVGs - Don't open up security holes in your WordPress site by allowing uploads of unsanitised files.
  • View SVGs in the Media Library - Gone are the days of guessing which SVG is the correct one; we'll enable SVG previews in the WordPress media library.

Features on the Roadmap

  • SVGO Optimisation - You'll have the option to run your SVGs through our SVGO server on upload to save you space.
  • Choose Who Can Upload - Restrict SVG uploads to certain users on your WordPress site or allow anyone to upload.

Initially a proof of concept for #24251.

SVG Sanitization is done through the following library: https://github.com/darylldoyle/svg-sanitizer.

Requirements

Installation

Install through the WordPress directory or download, unzip and upload the files to your /wp-content/plugins/ directory.

Frequently Asked Questions

Can we change the allowed attributes and tags?

Yes, this can be done using the svg_allowed_attributes and svg_allowed_tags filters. Each filter receives one argument, which must be returned. See below for examples:

add_filter( 'svg_allowed_attributes', function ( $attributes ) {

    // Do what you want here...

    // This should return an array, so add your attributes to
    // the $attributes array before returning it. E.g.:

    $attributes[] = 'target'; // This would allow the target="" attribute.

    return $attributes;
} );


add_filter( 'svg_allowed_tags', function ( $tags ) {

    // Do what you want here...

    // This should return an array, so add your tags to
    // the $tags array before returning it. E.g.:

    $tags[] = 'use'; // This would allow the <use> element.

    return $tags;
} );
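
An added example, not code from Safe SVG or the svg-sanitizer library: a stand-alone PHP script (no WordPress needed) that reports which elements and attributes of a constructed SVG fall outside a given allowlist, before and after adding `use` and `target` as the FAQ filters do. The function name `svg_allowlist_report` and both allowlists are assumptions made up for this illustration; they are not the plugin's defaults.

```php
<?php
// Added example: not Safe SVG's or svg-sanitizer's code. Allowlists are constructed.
function svg_allowlist_report( string $svg, array $tags, array $attributes ): array {
    $doc = new DOMDocument();
    // LIBXML_NONET: no network access while parsing. LIBXML_NOENT is left
    // unset so entities are not substituted.
    if ( '' === $svg || ! @$doc->loadXML( $svg, LIBXML_NONET ) ) {
        return array( 'error' => 'not well-formed XML' );
    }
    $tags       = array_map( 'strtolower', $tags );
    $attributes = array_map( 'strtolower', $attributes );
    $rejected   = array( 'tags' => array(), 'attributes' => array() );
    foreach ( $doc->getElementsByTagName( '*' ) as $element ) {
        $tag = strtolower( $element->localName );
        if ( ! in_array( $tag, $tags, true ) ) {
            $rejected['tags'][] = $tag;
            continue; // element is outside the list; skip its attributes
        }
        foreach ( $element->attributes as $attribute ) {
            $name = strtolower( $attribute->nodeName );
            if ( ! in_array( $name, $attributes, true ) ) {
                $rejected['attributes'][] = "$tag@$name";
            }
        }
    }
    return $rejected;
}

// Constructed sample input.
$sample = <<<'SVG'
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 10 10">
  <defs><circle id="dot" r="2"/></defs>
  <a href="https://example.com/" target="_blank"><use xlink:href="#dot"/></a>
  <script>alert(1)</script>
</svg>
SVG;

$tags       = array( 'svg', 'defs', 'circle', 'a' );
$attributes = array( 'xmlns', 'xmlns:xlink', 'viewBox', 'id', 'r', 'href' );

echo "Base allowlist:\n";
print_r( svg_allowlist_report( $sample, $tags, $attributes ) );

// The two additions from the FAQ filters above.
$tags[]       = 'use';
$attributes[] = 'target';
echo "After adding 'use' and 'target':\n";
print_r( svg_allowlist_report( $sample, $tags, $attributes ) );
```

In this sketch tags and attributes are checked separately, so allowing `use` on its own still leaves its `xlink:href` attribute outside the constructed attribute list.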

Support Level

Active: 10up is actively working on this, and we expect to continue work for the foreseeable future including keeping tested up to the most recent version of WordPress. Bug reports, feature requests, questions, and pull requests are welcome.

Changelog

A complete listing of all notable changes to Safe SVG is documented in CHANGELOG.md.

Contributing

Please read CODE_OF_CONDUCT.md for details on our code of conduct, CONTRIBUTING.md for details on the process for submitting pull requests to us, and CREDITS.md for a listing of maintainers of, contributors to, and libraries used by Safe SVG.

Like what you see?

Work with us at 10up
