Escaping SVG with KSES

Found your question as I was searching for an answer. I tried experimenting a bit more with wp_kses and found that lower-casing viewbox in the arguments seems to fix the issue. You don’t have to put the actual attribute on the SVG in lowercase, just the wp_kses() argument. This may be more than you need, … Read more

How to upload SVG in WordPress 4.9.8?

This question had me scratching my head. Yeah, how come WordPress doesn’t support this natively? And then I found out. You asked how to upload SVG in WordPress 4.9.8 (the current version at the time of writing). You mention that you “tried uploading after installing different plugins”. You don’t say which plugins, nor whether they … Read more

Ways to handle SVG rendering in wordpress?

Take a look at wp_prepare_attachment_for_js(), which is what gathers attachment metadata for use on the Media pages. The eponymous filter lets us add or alter metadata. The following example can be dropped into functions.php. Note: this requires SimpleXML support in PHP. function common_svg_media_thumbnails($response, $attachment, $meta){ if($response[‘type’] === ‘image’ && $response[‘subtype’] === ‘svg+xml’ && class_exists(‘SimpleXMLElement’)) { … Read more

For what security reasons are svgs blocked in the media uploader?

SVG can contain JavaScript. JavaScript can be used to hijack cookies or do other questionable actions. It can even be “hidden” in namespaces: <html xmlns:ø=”http://www.w3.org/1999/xhtml”> <ø:script src=”https://0x.lv/” /> </html> source It is very hard to filter that out during the upload, so it is just not allowed by default.