search

10up / safe-svg

Enable SVG uploads and sanitize them to stop XML/SVG vulnerabilities in your WordPress website.
https://wordpress.org/plugins/safe-svg/
GNU General Public License v2.0
258 stars 33 forks source link

Add options to disable SVG optimizer and sanitizer #138

Open EldarAgalarov opened 1 year ago

EldarAgalarov commented 1 year ago

Is your enhancement related to a problem? Please describe.

Hi. It would be nice to add an option that completely disables the SVG sanitizer when uploading SVG files. Many users, would not want their SVG files to be modified.

Designs

No response

Describe alternatives you've considered

No response

Code of Conduct

jeffpaul commented 1 year ago

@EldarAgalarov that, in general, sounds like a wildly unsafe and potentially insecure approach. As such, I'm not certain that's a scenario that we honestly want to support. That said, I'll leave this issue open to capture any additional community input before determining how best to react to this idea.

EldarAgalarov commented 1 year ago

@jeffpaul

There are risks that such optimizers and sanitizers may break SVG files by adding some visible artifacts.

Many users just want SVG support only without optimizers/sanitizers, i.e. the ability to upload SVG's to the WP media library and be able to display them correctly in Media and in WP posts and pages. Without any forced optimizations and sanitizations.

You can add options that will disable these optimizers/sanitizers for advanced users only by implementing them through WP filters. So by default optimizer and sanitizer will be enabled but if user wants to disable them then he can do it at his own risk.