Consider turn ‘sanitize’ function public

  • Plugin Author Daryll Doyle

    (@enshrined)

    Hi @wpublish2,

    Whilst this would certainly be possible to do, do you have a use case where it’d make sense to do this?

    Because safe-svg runs on upload, I don’t really see any reason it’d need to be instantiated outside of this process.

    I look forward to hearing back from you.

    Cheers,
    Daryll

    Hi Daryll, thanks for your time. For example, I’m a developer and my theme has static SVG files included; they are used to compose the theme design and some icons. The theme allows users to add new SVG files to this folder if they wish, or upload them via WordPress. So it would be helpful to programmatically open SVG files with PHP and filter the content with your plugin. I was looking at the secure list of attributes for SVG files via wp_kses and the list is huge.

    Cheers, Eduardo

  • Plugin Author Daryll Doyle

    (@enshrined)

    Hi @wpublish2,

    If they’re uploading the files via WordPress, then this plugin should already be filtering them.

    In terms of them adding files to a folder, if this is done via FTP then a lot of the issues that can be sanitised will already be in play (XML attacks etc), therefore it doesn’t make as much sense to filter them post-upload.

    That said, I’m going to be looking at the sanitiser over the next week or so and updating it some more so when I push a plugin update out, I’ll try making this public, or at least giving developers a function they can use 🙂

    Cheers,
    Daryll
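
The use case discussed in this thread, filtering SVG files that a theme reads from its own folder, comes down to allowlist filtering of elements and attributes. The following is an added example, not part of the original thread and not Safe SVG's code; it uses PHP's DOM extension, and the function name `theme_filter_svg` and the short allowlists are assumptions made for illustration.

```php
<?php
// Added example, not Safe SVG's code. Allowlists are constructed and deliberately small.
const SVG_NS = 'http://www.w3.org/2000/svg';
const ALLOWED_ELEMENTS = ['svg', 'g', 'title', 'path', 'circle', 'rect', 'line', 'polygon'];
const ALLOWED_ATTRIBUTES = ['viewbox', 'width', 'height', 'd', 'fill', 'stroke', 'stroke-width',
    'cx', 'cy', 'r', 'x', 'y', 'x1', 'y1', 'x2', 'y2', 'points', 'transform'];

// Hypothetical helper: returns the filtered markup, or null if the file is rejected.
function theme_filter_svg(string $dirty): ?string
{
    if (trim($dirty) === '') {
        return null;
    }
    $doc = new DOMDocument();
    $previous = libxml_use_internal_errors(true);   // collect parse errors quietly
    $ok = $doc->loadXML($dirty, LIBXML_NONET);      // no network access while parsing
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    $root = $ok ? $doc->documentElement : null;
    // Reject malformed XML, non-SVG roots, and any DTD (entity tricks live there).
    if ($root === null || $doc->doctype !== null
        || $root->namespaceURI !== SVG_NS || $root->localName !== 'svg') {
        return null;
    }
    // Snapshot node lists before editing: removing from a live list skips entries.
    foreach (iterator_to_array($doc->getElementsByTagName('*'), false) as $el) {
        $allowed = $el->namespaceURI === SVG_NS
            && in_array(strtolower($el->localName), ALLOWED_ELEMENTS, true);
        if (!$allowed) {
            $el->parentNode->removeChild($el);      // e.g. script, foreignObject, use
            continue;
        }
        foreach (iterator_to_array($el->attributes, false) as $attr) {
            if (!in_array(strtolower($attr->nodeName), ALLOWED_ATTRIBUTES, true)) {
                $el->removeAttributeNode($attr);    // e.g. onload, href, style
            }
        }
    }
    return $doc->saveXML($root);
}

// Constructed sample input.
$sample = '<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10" onload="alert(1)">'
    . '<script>alert(2)</script><circle cx="5" cy="5" r="4" fill="red"/></svg>';
echo theme_filter_svg($sample), PHP_EOL;
```

Anything not on the two lists is dropped rather than matched against a blocklist, so a theme that needs gradients, text or other features has to extend the lists deliberately.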
