673
1 min.Why doesn’t WordPress support SVG format?
The advantages of using SVG images in digital projects over other image files such as .png or .jpg is that it allows us to forget if it will look good on devices where the screen resolution is very large. It also saves weight in the files, which improves loading times.
Despite these advantages, WordPress by default does not allow us to load the SVG file format, mainly for safety reasons.
Safety issues with SVG files
SVG is an XML file, which by itself is open to vulnerabilities, while normal image formats are not affected. These are external attacks XML (XXE), y attacks XSS.
Solutions to security problems about SVG in WordPress
There are many SVG plugins in the WordPress repository that simply allow the MIME type to upload SVG files into the WordPress media library. This is not the safe way! So don’t download the first free SVG plugin you see and think you’re all set.
The reality is that SVGs need to be sanitized. Sanitization is basically cleaning up code or input to avoid security issues (such as code injection), code conflicts and bugs.
This is where Daryll Doyle’s SVG-Sanitizer library comes into play, which he refers to as “his attempt to build a decent SVG sanitizer in PHP”.
Daryll has developed a plugin, WP SVG (also known as Safe SVG), which uses his library when uploading SVG images to your WordPress media library. The plugin also allows you to view SVGs as normal images in the media library.
This plugin and/or method is not supported by WordPress core, so if we decide to use it, it will be at our own risk.
Categoría/s: Design and development web
Free hosting – Paid hosting
Designing a cover book
Image search engine
Leave a Reply