SVG in WordPress

calendar
icon view 677
icon comment 0
icon time 1 min.

Why doesn’t WordPress support SVG format?

The advantages of using SVG images in digital projects over other image files such as .png or .jpg is that it allows us to forget if it will look good on devices where the screen resolution is very large. It also saves weight in the files, which improves loading times.

Despite these advantages, WordPress by default does not allow us to load the SVG file format, mainly for safety reasons.

Safety issues with SVG files

SVG is an XML file, which by itself is open to vulnerabilities, while normal image formats are not affected. These are external attacks XML (XXE), y attacks XSS.

svg in wordpress

Solutions to security problems about SVG in WordPress

There are many SVG plugins in the WordPress repository that simply allow the MIME type to upload SVG files into the WordPress media library. This is not the safe way! So don’t download the first free SVG plugin you see and think you’re all set.

The reality is that SVGs need to be sanitized. Sanitization is basically cleaning up code or input to avoid security issues (such as code injection), code conflicts and bugs.

This is where Daryll Doyle’s SVG-Sanitizer library comes into play, which he refers to as “his attempt to build a decent SVG sanitizer in PHP”.

Daryll has developed a plugin, WP SVG (also known as Safe SVG), which uses his library when uploading SVG images to your WordPress media library. The plugin also allows you to view SVGs as normal images in the media library.

WP SVG Daryll

This plugin and/or method is not supported by WordPress core, so if we decide to use it, it will be at our own risk.

Buscar artículos por: ,
Categoría/s: Design and development web

Comentarios

Aún no hay comentarios. Se el primero en dejar tu opinión sobre este artículo.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

Al comentar aceptas nuestra política de privacidad y política de cookies

Entradas relacionadas