svg content get deleted

  • I’m loving your block, but it has an issue.

    Maybe it’s something you can correct (I could take a look if you pass me the src folder)

    If an author edits a post that uses svg, all the svg gets deleted. I understand the securiry, but this can be a problem (minor but a problem)

    The real problem is on WordPress multisite.

    If the user is admin or editor he should be able to add an svg. but if the user is not network admin, then he’s not able to.

    this creates a problem since I need to have an user who is editor for just one website of the network and of course I can’t give him network admin privileges

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter ivanmessina

    (@ivanmessina)

    Since i found the issue and the solution, I’ll share it here.

    It’s not the plugin , it’s WordPress stripping the tags, I solved following this: https://mkaz.blog/wordpress/allowing-svg-in-wordpress-content

    Plugin Author Phi Phan

    (@mr2p)

    Hi @ivanmessina,

    Thank you for reporting this issue. I will add SVG along with its ‘safe’ child tags and attributes to the allowed list in the next version.

    Phi.

    Thread Starter ivanmessina

    (@ivanmessina)

    To be honest, I wouldn’t allow everyone to upload SVG for security purposes. You may just add my solution in the readme/documentation.

    Adding a setting might be just too much work for something probably no one needs, like this.

    Plugin Author Phi Phan

    (@mr2p)

    Thank you for sharing your thought on this. I will find a solution for this issue. SVG files have already been sanitized by DOMPurify, so I think it is safe to allow some safe elements and attributes. I will look into it carefully for security reasons.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘svg content get deleted’ is closed to new replies.