説明
Safe SVG is the best way to Allow SVG Uploads in WordPress!
It gives you the ability to allow SVG uploads whilst making sure that they’re sanitized to stop SVG/XML vulnerabilities affecting your site.
It also gives you the ability to preview your uploaded SVGs in the media library in all views.
Free Features
- Sanitised SVGs – Don’t open up security holes in your WordPress site by allowing uploads of unsanitised files.
- View SVGs in the Media Library – Gone are the days of guessing which SVG is the correct one, we’ll enable SVG previews in the WordPress media library.
Pro Features
- SVGO Optimisation – You’ll have the option to run your SVGs through our SVGO server on upload to save you space.
- Choose Who Can Upload – Restrict SVG uploads to certain users on your WordPress site or allow anyone to upload.
- Premium Support – Pro users get premium support whilst free support is offered in the WordPress forums in our spare time
Initially a proof of concept for #24251
SVG Sanitization is done through the following library: https://github.com/darylldoyle/svg-sanitizer
インストール
Install through the WordPress directory or download, unzip and upload the files to your /wp-content/plugins/
directory
FAQ
- Can we change the allowed attributes and tags?
-
Yes, this can be done using the
svg_allowed_attributes
andsvg_allowed_tags
filters.
They take one argument that must be returned. See below for examples:add_filter( 'svg_allowed_attributes', function ( $attributes ) { // Do what you want here... // This should return an array so add your attributes to // to the $attributes array before returning it. E.G. $attributes[] = 'target'; // This would allow the target="" attribute. return $attributes; } ); add_filter( 'svg_allowed_tags', function ( $tags ) { // Do what you want here... // This should return an array so add your tags to // to the $tags array before returning it. E.G. $tags[] = 'use'; // This would allow the <use> element. return $tags; } );
評価
貢献者と開発者
変更履歴
1.9.6
- Underlying library update that fixes a security issue
1.9.5
- Underlying library update that fixes some security issues
1.9.4
- Fixed a bug causing lots of error log output to do with
safe_svg::fix_direct_image_output()
1.9.3
- Fixed a bug causing 0 height and width SVGs
1.9.2
- Fixed a warning about an Illegal string offset
- Fixed an issue if something other than a WP_Post object is passed in via the
wp_get_attachment_image_attributes
filter.
1.9.1
- Fixed a warning that was being generated by a change made in 1.9.0.
1.9.0
- If an image is the correct ratio, allow skipping of the crop popup when setting header/logo images with SVGs.
1.8.1
- Don’t let errors break upload if uploading an empty file
- Fix featured image display in Gutenberg. Props @hendridm 🙂
1.8.0
- Pull SVG dimensions from the width/height or viewbox attributes of the SVG.
- Add the role=”img” attribute to SVGs
1.7.1
- Updated underlying lib and added new filters for filtering allowed tags and attributes
1.6.1
- Images will now use the size chosen when inserted into the page rather than default to 2000px everytime.
1.6.0
- Fairly big new feature – The library now allows
<use>
elements as long as they don’t reference external files! - You can now also embed safe image types within the SVG and not have them stripped (PNG, GIF, JPG)
1.5.3
- 1.5.2 introduced an issue that can freeze the media library. This fixes that issue. Sorry!
1.5.2
- Tested with 4.9.0
- Fixed an issue with SVGs when regenerating media
1.5.1
- Fix PHP strict standards warning
1.5.0
- Library update
- role, aria- and data- attributes are now whitelisted to improve accessibility
1.4.5
- Fixes some issues with defining the size of an SVG.
- Library update
1.4.4
- SVGs now display as featured images in the admin area
1.4.3
- WordPress 4.7.3 Compatibility
- Expanded SVG previews in media library
1.4.2
- Added a check / fix for when mb_* functions are not available
1.4.1
- Updated underlying library to allow attributes/tags in all case variations
1.4.0
- Added ability to preview SVG on both grid and list view in the wp-admin media area
- Updated underlying library version
1.3.4
- A fix for SVGZ uploads failing and not sanitising correctly
1.3.3
- Allow SVGZ uploads
1.3.2
- Fix for the mime type issue in 4.7.1. Mad props to @lewiscowles
1.3.1
- Updated underlying library version
1.3.0
- Minify SVGs after cleaning so they can be loaded correctly through file_get_contents
1.2.0
- Added support for camel case attributes such as viewBox
1.1.1
- Fixed an issue with empty svg elements self-closing
1.1.0
- Added i18n
- Added da, de ,en, es, fr, nl and ru translations
- Fixed an issue with filename not being pulled over on failed uploads
1.0.0
- 最初のリリース