For what security reasons are svgs blocked in the media uploader?

SVG can contain JavaScript. JavaScript can be used to hijack cookies or do other questionable actions. It can even be “hidden” in namespaces:

<html xmlns:ø="http://www.w3.org/1999/xhtml">
   <ø:script src="https://0x.lv/" />
</html>

source

It is very hard to filter that out during the upload, so it is just not allowed by default.

Related Posts:

  1. How to Protect Uploads, if User is not Logged In?
  2. File Type Is Not Permitted – Cronjob
  3. How to Protect Uploads, if User is not Logged In?
  4. Cleanup uploads folder, Media Library db structure
  5. Rendering the uploaded file in a wp.media object
  6. How do I force WordPress to show most recent version of images in the media library?
  7. WordPress Media Manager 3.5 – default link to
  8. Linking a PDF as a downloadable document
  9. display image size in media library screen
  10. Understanding SVG vulnerabilities in WordPress related to a specific fix
  11. How to capture the selection:toggle event fired by wp.media
  12. Failed to import media from a local wordpress site to a live one
  13. Password protect some uploaded files, so only logged-in users can view them
  14. How to protect uploads in multisite if user is not logged in?
  15. Is is possible to crop an image after uploading
  16. Best plugin to manage media library? [closed]
  17. Image dimensions same as image size
  18. How to display all images “Uploaded By” an author
  19. Is it possible to generate JPEG progressive thumbnails?
  20. Change default tab of media manager
  21. Is email post notify visitor on new media upload possible?
  22. How to set additional parameter in wp.media?
  23. get total number of images from media using xml-rpc
  24. Audio Playlist : How to bind events for “track change”, “track end”?
  25. Images are registered in media library but still won’t show up
  26. How do I control video media display sizing with native wordpress player
  27. Handle lots of images within the media uploader / selector
  28. Rest API rename media
  29. Disable drag and upload in Media Library
  30. Custom media picker in meta box: how to select available image sizes?
  31. Image archive without date
  32. FTP files directly to Media Library wp-content\uploads
  33. How to get an image url from media library
  34. Add media column to edit post screen
  35. Uploading Media gives error “Missing a temporary folder.”
  36. Add custom tab on the media manager
  37. Organizing media uploads
  38. How to insert an Audio Player in a Post or Page?
  39. 3.5 Media Manager – callout in metaboxes
  40. Front end wp_editor not rendering audio/video links
  41. Force WordPress, themes & plugins into using defined sizes
  42. Media Manager: refresh library after new selection
  43. WordPress Media Image Manager — Creating Lots and Lots of Odd Sized Images
  44. Large image size stuck on old value, even for new images
  45. Can I force all uploaded images to be reduced in quality?
  46. Rotating image does not work for custom image sizes
  47. Audio Player for MP3 Files for WordPress
  48. How select multiple document as like media gallery
  49. Rebuild the entire WordPress uploads folder
  50. See List View – or Image titles- of Media Library when “Add Media” button is used
  51. How to hide some specific attachments using post meta from media library
  52. How to extend an existing (Gutenberg) block
  53. Importing Media IDs but not related attachment
  54. Allow Editor Role to Edit Media
  55. Bulk image importing from folders
  56. WordPress media file link with fancybox
  57. How to open a Media Uploader dialog with a particular image is selected
  58. Is it safe to allow non-admin users access to media uploader
  59. Editing image dimension – to edit the main image file
  60. media library not showing thumbnails after deleting full image
  61. Media attachment pages giving 404’s
  62. Extending wp.media.model, query media from different blog on network and refresh view
  63. Force image crop size in media editor
  64. Use staging media files on development site in WordPress
  65. Getting a specific value out of array using get_attached_media
  66. WordPress 3.6 native player is not responsive?
  67. Thumbnail images chopped off but not cropped to exact dimensions
  68. Theme loosing some images when moving to new server
  69. How to disable (and hide) the Media Library for certain users?
  70. Allow SVG in WP step by step
  71. formatting horizontal and vertical images in Settings?
  72. Get all media from wp-json/wp/v2/media
  73. Access generated thumbnails
  74. Publish / unpublish media items in the media library
  75. How to get all id_attachment with one loop?
  76. Media Library modal customization
  77. Get all uploaded images using REST api
  78. IPTC and custom thumb size
  79. WordPress REST API to get all media not working
  80. Disable Responsive Image Sizes crop
  81. Media isn’t showing in WordPress library but is available in uploads folder
  82. Append Media/Attachment IDs to Gallery Shortcode HTML Output
  83. Media Library not loading
  84. When inserting an image in a post, how to link the image to a resized URL instead of the full image URL?
  85. How do I get WordPress to create resizes of a supplied default image in a theme?
  86. MP4 file links download instead of playing
  87. Media and all images disappeared from my wordpress site
  88. Replace Swedish characters in filenames
  89. Get the Playlist embedded in Post/Page content
  90. Can we reuse WordPress drag drop media upload in plugins?
  91. How can I change the default image behavior?
  92. Import media in bulk with caption and titles?
  93. cant able to upload media to my wordpress blog
  94. wp media popup close all popup
  95. Import of 200+ sermons
  96. Unable to send upload url
  97. After import, oEmbeds non-functional until manual republish
  98. How to import and update images/galleries that point to an old site
  99. Media Library empty after server migration
  100. Looking for a way to insert PDF image preview in TinyMCE

Leave a Comment