Consider turn ‘sanitize’ function public

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Contributor Daryll Doyle

    (@enshrined)

    Hi @wpublish2,

    Whilst this would certainly be possible to do do you have a use case where it’d make sense to do this?

    Because safe-svg runs on upload, I don’t really see any reason it’d need to be instantiated outside of this process.

    I look forward to hearing back from you.

    Cheers,
    Daryll

    Thread Starter wpublish2

    (@wpublish2)

    Hi Daryll, thanks by your time. For example, I’m a developer and my theme has static SVG files included, they are used to compose the theme design and some icons. The theme allows users to add new SVG files to this folder if they wish, or upload it via WordPress. So it would be helpful to programmatically open SVG files with PHP and filter the content with your plugin. I was looking the secure list of attributes to SVG files via wp_kses and the list is huge.

    Cheers, Eduardo

    Plugin Contributor Daryll Doyle

    (@enshrined)

    Hi @wpublish2,

    If they’re uploading the files via WordPress, then this plugin should already be filtering them.

    In terms of them adding files to a folder, if this is done via FTP then a lot of the issues that can be sanitised will already be in play (XML attacks etc), therefore it doesn’t make as much sense to filter them post-upload.

    That said, I’m going to be looking at the sanitiser over the next week or so and updating it some more so when I push a plugin update out, I’ll try making this public, or at least giving developers a function they can use ??

    Cheers,
    Daryll

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Consider turn ‘sanitize’ function public’ is closed to new replies.