Does it make sense to sanitize the output of an SVG file?

It’s not completely pointless, but probably smart to sanitize, because of the following situations:

  1. What’s the certainty that the SVGs only come from you directly?
  2. Can you guarantee that the SVGs won’t be intercepted during upload?

Redundancies for keeping your site secure are generally recommended.

I don’t know that wp_kses() is the best for sanitizing SVGs though. I’d reference Safe SVG and see how that sanitizes.

Related Posts:

  1. Allow only 1 taxonomy per custom post type [duplicate]
  2. Custom plugin: Trying to show saved data on frontend
  3. Fatal error: Call to undefined function plugin_dir_path()
  4. How to make WordPress plugin check for database changes and then do something?
  5. How to change date language without changing the entire site language?
  6. How to use copy() function and paste file in /wp-content/themes directory
  7. OOP Plugin Development. Including external object
  8. Authenticating to WordPress, using my own authentication two-factor system
  9. wordpress custom endpoint multiple params
  10. Problem with WordPress Ajax form
  11. Am I not understanding plugins?
  12. Using Font Awesome as post thumbnail
  13. admin-ajax.php responding with 0
  14. Page Reloads Before AJAX Request Finishes
  15. Add htaccess rules with insert_with_markers at beginning of htaccess
  16. How to restrict wp generate attachment metadata() to certain intermediate image sizes
  17. Insert array data on plugin activation
  18. WordPress php filter admin_body_class not working
  19. Adding Default Settings to Theme My Login plugin
  20. Append HTML Using Shortcode
  21. Hide categories that are not used in the post type
  22. Automated Cart Update With Alert Box Each Time
  23. WooCommerce/WordPress: how hide entire table form after submit (Admin Dashboard)?
  24. How to sanitize any integer input field in wordpress?
  25. WordPress ajax doesn’t display object method on jQuery .change() function
  26. filter default query to show just selected level of child pages in wordpress
  27. How to make my custom widget appear within WordPress widgets? Plugin development
  28. How to auto fetch customer details in Woocommerce in checkout page
  29. Can’t upload image using media_sideload_image
  30. Adding widgets to my plugin page instead of WordPress dashboard
  31. How to insert data into database using wp cron job
  32. Access Child Class of Plugin Main Class Instance
  33. Font Awesome changing default WordPress Font
  34. Can’t print Yoast meta description into page template (syntax error, unexpected ‘.’) [closed]
  35. Download full html page with CSV export plugin
  36. Asynchronous multiple requests 401 Unauthorized
  37. Using data sent via AJAX in multiple functions on a WP plugin
  38. What does -> mean in WordPress?
  39. Usage of call back function of add_meta_box()
  40. Change product_base programmatically
  41. How to add the sidebar to all the pages except the home page? [closed]
  42. how to save checkbox data for custom setting?
  43. WordPress shortcode returns the data before
  44. Plugin development and composer
  45. How to Schedule Cronjobs for start of every month and year
  46. Set default Database Storage Engine when creating tables with plugins?
  47. custom post type with role Vendor
  48. Restrict characters in comment section
  49. Execute Jquery when a specific page in my plugin is loading
  50. How can I get plugin meta data without knowing the plugin folder?
  51. Flatten Responses returned via WP REST API via WP_Error for obfuscation
  52. How does add_option() function enable action hooks to fire right after actiavtion?
  53. Ajax on the Administration Side of plugin – wp_localize_script – how to pass value from JQuery to PHP function in class?
  54. Create plugin with custom page and template caused an error `Call to undefined function get_header()`
  55. WordPress can’t use ZipArchive
  56. How to change basename url for wp-admin?
  57. Only the first image uploads
  58. WordPress loading progess – wp-blog-header.php
  59. Illegal string offset checkbox
  60. Custom plugin: how do I call a PHP file if settings option is set to true?
  61. Trying to use a variable to set image width
  62. wp_update_post gives 500 internal error
  63. Trouble matching strings (titles) using wp_query
  64. How to identify which php file a plugin is using on page load?
  65. dashboard widget form not submit mails
  66. In a foreach loop, how can I add a meta value if it doesn’t exist?
  67. Looping through and combining calls to Woocommerce REST API
  68. Should I use wp_cache in my plugin to make it faster?
  69. register_setting not save checkbox
  70. How to import woocommerce custom fields data into another site?
  71. When I create a new custom post type, it replaces the old post type
  72. How does one make a URL return dynamic JSON with custom Content Type?
  73. Customizer textarea with script tag won’t work in live preview
  74. How to give custom roles the capability to edit one Menu instead of every Menu
  75. add menu page in loop menu order
  76. Add .php to end of all WordPress Pages (multisite)
  77. defined (‘ABSPATH’) false after AJAX post to other PHP-file
  78. Getting Member Data From WhishList Member on Register
  79. Private messaging – Getting and displaying the avatar/url of a message recipient
  80. global $post inside plugin query messes up every new post page in wp-admin
  81. wp_query (or hook) posts by date (id) in array then set post_type
  82. Chosen Select jquery Not Working in Plugin
  83. widget: input the px value from user and use it as inline style in widget function
  84. Custom post type single page return to listing page
  85. WordPress rewrite question
  86. Using Nonce for my Form
  87. Create new folder and upload files to custom folder via wp_handle_upload
  88. Issues separating my Plugin pages into different files
  89. SHARING TO FACEBOOK – FROM DYNAMICALLY GENERATED PAGE
  90. How to hide Ads From Certain Categories?
  91. why is kses removing semicolon from inline style?
  92. Custom taxonomy with page post type – WordPress
  93. Query posts by custom taxonomy slug in WP REST API?
  94. oneOf JSON Schema validation not properly working for custom post meta value?
  95. Too few arguments at registering new templates in my plugin
  96. I want to lists posts in wordpress to nearest location entered by the user
  97. Displaying custom meta box value in a custom post page
  98. how to check elementor is widget is active or loaded
  99. Create a custom plugin with dynamic child pages listing database records
  100. Cannot Access ACF Field Values via my Plugin