Closed cr0ybot closed 4 years ago
Yeah, this does more than sanitize. It breaks even the simple animations at CSS-Tricks. I'm not sure if there is an easy way around that, but maybe it's possible to reliably sanitize some of these animations. SVG is a handy format for the web, and it would be nice if it was supported by everyone in email. Many email clients do, but Gmail for instance just eliminates it.
Hi Both, for reasons the <animate>
tag is stripped by default, please see the following examples:
If you'd like to allow these yourself, then, by all means, feel free. This library just provides a sensible set of defaults and gives you the ability to adjust all allowed elements and attributes to suit your own preferences.
That said, I won't be changing this within the core library for the time being.
Should
<animate>
tags be whitelisted? I'm not sure if you've chosen to strip them out specifically, but 'animate' is not in the allowed tags array. I've used thesvg_allowed_tags
filter provided by the WordPress plugin to add it for now.