Why Automattic hates SVG has always been a source of confusion to me. Why shouldn’t uploading SVG be as easy and straightforward as any other kind of (supported) image? Then again, it’s true that you can write malicious code inside a SVG rather easily. The solution? Safe SVG. It cleans up a malformed or malicious SVG during the upload, so that when it arrives in your Media Library, it will already have been sanitised.
The plugin is as simple to operate as it is useful. All parts of WP that require opening the Media Library browser will now accept SVGs as well. As others have remarked, there are some outstanding issues when previewing SVGs inside Gutenberg. No surprises there — this plugin has predated Gutenberg, and (at the time of writing) has been abandoned for about two years, during which Automattic has been eagerly upgrading WordPress.
The author has not gone away, though. He is still actively developing the sanitising part of the plugin, using a library he has developed and posted on GitHub, and which has accepted several contributions and gone through many code reviews. It’s possibly the reference library for SVG sanitation written in PHP.
And fortunately he’s now back and has released a brand new version as of late February 2022 🙂
- You must be logged in to reply to this review.