Escaping SVG with KSES

Found your question as I was searching for an answer. I tried experimenting a bit more with wp_kses and found that lower-casing viewbox in the arguments seems to fix the issue. You don’t have to put the actual attribute on the SVG in lowercase, just the wp_kses() argument.

This may be more than you need, but here’s what I’m using right now:

<?php
$kses_defaults = wp_kses_allowed_html( 'post' );

$svg_args = array(
    'svg'   => array(
        'class' => true,
        'aria-hidden' => true,
        'aria-labelledby' => true,
        'role' => true,
        'xmlns' => true,
        'width' => true,
        'height' => true,
        'viewbox' => true, // <= Must be lower case!
    ),
    'g'     => array( 'fill' => true ),
    'title' => array( 'title' => true ),
    'path'  => array( 'd' => true, 'fill' => true,  ),
);

$allowed_tags = array_merge( $kses_defaults, $svg_args );

echo wp_kses( $rich_text_that_might_include_SVGs, $allowed_tags );

Related Posts:

  1. Typical wp_kses $allowed
  2. wp_kses vs wp_strip_all_tags
  3. wp_kses_post only removes tags, but not their content
  4. wp_kses() strips data attributes even if it’s in the allowed list
  5. Allow html comments with kses
  6. Why wp_kses() not working for rel, target of link in WordPress
  7. Why is WordPress Breaking Custom Elements with Hyphens Into Element and Attribute?
  8. Whitelist a single SVG for use in post_content
  9. Any ideas how to allow CSS input to perfectly work in the text area with wp_kses?
  10. wp_filter_kses allow HTML5 video?
  11. SVG center horizontal and vertical line
  12. Adding border to SVG image
  13. How to change the color of an svg element?
  14. SVG Fill Color Not Working
  15. D3 Appending Text to a SVG Rectangle
  16. How to add a tooltip to an svg graphic?
  17. How to use z-index in svg elements?
  18. SVG transparent background web
  19. SVG drop shadow using css3
  20. How to extract svg as file from web page
  21. How to set text color for my d3 chart title?
  22. SVG files not uploading since most recent WP update
  23. For what security reasons are svgs blocked in the media uploader?
  24. Ways to handle SVG rendering in wordpress?
  25. Escaping and sanitizing SVGs in metabox textarea
  26. How to get SimplePie fetch_feed without stripping iframe code?
  27. What to use instead of wp_kses() in user output
  28. How to upload SVG in WordPress 4.9.8?
  29. Can’t extract and set SVG dimensions
  30. Issue with wp_get_attachment_image() and SVG file type
  31. Understanding SVG vulnerabilities in WordPress related to a specific fix
  32. Tiny MCE editor stripping xlink:href parameter from SVG USE tag
  33. how to escape wp_oembed_get for phpcs
  34. How to Include SVG sprites icons into the body tag? [closed]
  35. Allowing more elements in comments via functions.php
  36. getting uploaded SVG dimensions on front-end
  37. How do I enable the customize theme page to accept svg’s?
  38. What is the difference between strip_tags and wp_filter_nohtml_kses?
  39. How to allow data:image attribute in src tag during post insert?
  40. WP Editor strips input placeholder attribute
  41. Adding extra SVGs to TwentyNineteen child theme using class TwentyNineteen_SVG_Icons
  42. Add custom SVG icons to Social Icon MENU in WordPress Twenty Seventeen Child Theme
  43. Change allowed HTML tags for comments
  44. use of tag into wordpress
  45. How to implement my own icons instead of using the svg icon system
  46. Replace Home with image link inside custom header menu
  47. Set media metadata (i.e. “dimensions” field) on SVG file after extracting it with a filter
  48. Allowing SVG uploads in media uploader without plug-in
  49. How to use a svg as custom header?
  50. How to remove SVG Files inline code of WordPress Footer?
  51. Featured Image .svg height and width 1px only
  52. How to allow internal links using wp_kses filtration
  53. Why does SVG upload in Media Library fail if the file does not have an XML tag at the beginning?
  54. Proper use of internationalization
  55. wp_kses and magic quotes
  56. Insert SVG code (not img) in HTML block
  57. SVG Featured image not shown in twitter
  58. HTML Entities displaying improperly as malformed escaped code
  59. Allow iframes from specific sites?
  60. Make WordPress process admin group comments using $allowedtags
  61. How can I remove the kses filters when saving a specific post type ? (it breaks my JSON)
  62. Use Icomoon external svg file with
  63. Is it possible to run wp_kses on all posts?
  64. Add other social networks to TwentyNineteen_SVG_Icons class in child theme?
  65. I want to allow the use of a data-flw attribute in links in comments
  66. Add Attribute to p Tag of Post Content
  67. Only allow site url in text field using wp_kses/wp_filter_nohtml_kses?
  68. sanitize vimeo embed code?
  69. How to prevent WordPress to remove my embedded SVG images
  70. How to upload and style svg logo?
  71. How do I include SVG file used as featured image?
  72. Upload Custom Mime Types in WordPress (SVG, WebP)
  73. Are SVG image files safe to upload? Why WP defines them as a security risk? [duplicate]
  74. Broken kses.php function “wp_kses_named_entities” crashes WordPress
  75. Can you change the color of svg icons to the global color I choose from WordPress
  76. Querying a large number of posts including their custom fields data
  77. download svg to png size image
  78. Replace custom SVG icons in Twenty Twenty-One
  79. SVG upload does not work
  80. Hover a css icon width other color inside wp_get_attachment_image
  81. Completely remove SVG icon load in child theme of Twenty Twenty-one theme
  82. SVG not displaying in Media Tab in Backend
  83. SVG icons in Twenty Nineteen
  84. SVG Upload to WordPress Issue
  85. Create Gutenburg Block to render inline SVG
  86. WordPress Block.js SVG createElement
  87. Expected an identifier and instead saw ‘
  88. import svg-files from wxr – (upload works, import not)
  89. WordPress post_content gets deleted in cron after wp_update_post
  90. Enable CORS for getting an inline SVG by URL
  91. wp_kses allow checkbox class and checked
  92. How to delay display of page elements until enqueued script has injected html
  93. Add Protocol to Custom Menus
  94. Why is `–` converted into ndash and how can I get rid of it?
  95. change with CSS the color of an svg background image set with “background-image: url()”
  96. why is kses removing semicolon from inline style?
  97. SVG Icon Code Support in WordPress Custom Html Widget? Not Working
  98. Can’t upload svg files in WordPress
  99. Why isn’t my SVG path rotating on scroll on iPhones?
  100. Multisite, but wp_kses_allowed_html only for one subsite?

Leave a Comment