Does it make sense to sanitize the output of an SVG file?

It’s not completely pointless, but probably smart to sanitize, because of the following situations:

  1. What’s the certainty that the SVGs only come from you directly?
  2. Can you guarantee that the SVGs won’t be intercepted during upload?

Redundancies for keeping your site secure are generally recommended.

I don’t know that wp_kses() is the best for sanitizing SVGs though. I’d reference Safe SVG and see how that sanitizes.

Related Posts:

  1. Should I use spl_autoload_register() in my plugin?
  2. How can I save a multiple select array with the settings API for a plug-in options page?
  3. Include WP_Query in my own PHP file?
  4. Using register_activation_hook in classes
  5. Is there a way for a plugin to add an attribute to the tag of a theme?
  6. How to use update and delete query in wordpress
  7. Shortcode putting html such as
  8. Gutenberg Blocks doesn’t render correctly when using do_blocks
  9. add_meta_boxes action with refresh on save
  10. Resize Image without cropping
  11. My shortcode is showing up twice
  12. Database “Migration” for Plugins?
  13. Custom plugin issue when trying to use the shortcode twice on a page [closed]
  14. When is is_admin() available?
  15. Does wp-cron runs all tasks scheduled at same time together or one after other?
  16. Sanitizing, Validating and Escaping in WordPress (Plugin)
  17. Making Quote Plugin more efficient
  18. Hiding WordPress Plugin Source Code
  19. How do I use the Simple HTML DOM Parser in plugin when other plugin already uses it?
  20. Will simple function names in a class structure conflict with other plugins?
  21. Instantiate class to be available to all plugin functions
  22. How to test nonce with AJAX – Plugin development
  23. wp_loaded hook block script enquequing
  24. WP nonce invalid
  25. Is it necessary to sanitize wp_set_password user input?
  26. How can i upload images in an admin page?
  27. How to find error in my code when the error message is pointing to WP core file?
  28. Custom user login page by creating a plugin
  29. Singelton class does not work, multiple initialization on page reload
  30. Retrieve $_POST data submitted from external URL in WordPress(NOT API)
  31. How to upload a file to a folder named after the user_id via plugin
  32. Reprinting tags with all attributes
  33. developing a wordpress plugin, have a few PHP Woocommerce related coding questions
  34. Whitelisting items from custom options page
  35. Add_menu_page not displaying the menu in class based plugin
  36. Update results, Before deleting the related category [closed]
  37. adjust section according to country?
  38. Adding function to Genesis genesis_header [closed]
  39. how to update and display an option without reloading the page
  40. How to obtain the current website URL in my theme?
  41. What exactly do this function declared into functions.php file of a WP theme?
  42. How to use html inside a functions.php code?
  43. Plugin Generate Unexpected output during activation
  44. WordPress Environment: Dynamic Page using shortcode – how to change the page name for sharing
  45. Extend Woocommerce Widget Class – WC_Widget_Product_Categories
  46. Undefined method class::construct() when creating a plugin
  47. Hook called before text widget save
  48. zip unzip attachments in wordpress
  49. wpdb prepare insert table doesn’t work
  50. wordpress admin plugin menu custom css
  51. how to Update 15k products on plugin activation with meta_option
  52. Using admin-post.php for admin form but it directs me to admin-post.php white screen
  53. How can I display Custom Post type Custom Columns and its Content in a Dashboard Widget?
  54. Adding Additional Variables on Menus Page
  55. custom plugin with upload files does not work
  56. Using flickr api in custom wordpress plugin
  57. Toolbar Hidden in a Virtual Page
  58. What is the difference between Null vs Empty (Zero Length) string?
  59. PHP: $_SESSION destroyed after page reload for my custom session
  60. send popup after wp_redirect()
  61. no_rest_route error on custom routes
  62. How to correctly escape an echo
  63. Payment field disappears on custom Paypal plugin
  64. How to Remove Theme Style CSS inside Custom Plugin?
  65. Create ACF Checkbox to get all ACF Values from Parent Page
  66. Creating plugin with front-end pages
  67. How to Send Pingbacks for all Posts in WordPress?
  68. I am having errors with checkout on wordpress
  69. File is executed twice if plugin is activating
  70. product_type_options get saved value [closed]
  71. Display a custom name when the user has no name settle in his account
  72. How can I update the price when someone enters postcode or zip code in woocommerce checkout page?
  73. 400 bad request admin-ajax file upload
  74. get Woocommerce product format json for WP_Query
  75. Sum All the Post Meta of Published posts of Current Logged in user
  76. Update user meta when an external link in admin notice is clicked
  77. Is there an option to execute javascript file only on plugin activation
  78. The plugin generated 225 characters of unexpected output during activation
  79. Autoloading Classes in Plugins
  80. Ajax in a class instantiated via shortcode
  81. Parsing webhook from Shopify in WordPress
  82. Comparing Dates within plugin using PHP If statement
  83. Shortcode Works for Logged in Users but Not Working for Guest
  84. WordPress / PhpStorm / XDebug and plugin_dir_path issues
  85. Singleton plugin activation; create database
  86. Send data from plugin to external database
  87. See output of a sql query while plugin installation in wordpress
  88. Why this plugin is not working?
  89. Permission error on plugin save
  90. How to get WordPress Adminmenu items?
  91. How to execute add_action() function from custom plugin to Crontrol plugin or do_action()?
  92. How keep woocommerce users separeted in multisite install and keep admins on network
  93. base64_encode conflict with convert_smilies in wordpress
  94. Properly process a custom WP REST API request (Authenticate, Authorize + Validate)?
  95. Displaying custom meta box value in a custom post page
  96. Redirect posts to post editor page based on query string
  97. how to check elementor is widget is active or loaded
  98. Create a custom plugin with dynamic child pages listing database records
  99. Load style and script for custom post type metabox
  100. Permissions error when I use my plugin to delete comments in the front-end