Safe SVG -- WordPress 插件

开发者	enshrined 10up jeffpaul
更新时间	2025年8月13日 23:22
WordPress版本:	6.8
版权:	GPL-2.0-or-later
版权网址:	版权信息

Safe SVG is the best way to Allow SVG Uploads in WordPress! It gives you the ability to allow SVG uploads whilst making sure that they're sanitized to stop SVG/XML vulnerabilities affecting your site. It also gives you the ability to preview your uploaded SVGs in the media library in all views. Current Features

Sanitised SVGs - Don't open up security holes in your WordPress site by allowing uploads of unsanitised files.
SVGO Optimisation - Runs your SVGs through the SVGO tool on upload to save you space. This feature is disabled by default but can be enabled by adding the following code: add_filter( 'safe_svg_optimizer_enabled', '__return_true' );
View SVGs in the Media Library - Gone are the days of guessing which SVG is the correct one, we'll enable SVG previews in the WordPress media library.
Choose Who Can Upload - Restrict SVG uploads to certain users on your WordPress site or allow anyone to upload. Initially a proof of concept for #24251.

SVG Sanitization is done through the following library: https://github.com/darylldoyle/svg-sanitizer. SVG Optimization is done through the following library: https://github.com/svg/svgo.

Install through the WordPress directory or download, unzip and upload the files to your /wp-content/plugins/ directory

2.3.3 - 2025-08-13

Security: Update the enshrined/svg-sanitize package from 0.19.0 to 0.22.0 to fix an issue with case-insensitive attributes slipping through the sanitiser and address PHP 8.4 deprecation warnings (props @darylldoyle, @sudar, @georgestephanis, @dkotter, @realazizk via #268, #272).
Security: Bump form-data from 4.0.0 to 4.0.4 (props @dependabot, @faisal-alvi via #270).
Security: Bump tmp from 0.2.3 to 0.2.5 and @inquirer/editor from 4.2.9 to 4.2.16 (props @dependabot, @dkotter via #271).

2.3.2 - 2025-07-21

Fixed: Visual parity between the front end and the block editor (props @s3rgiosan, @dkotter via #261, #266).
Changed: Bump WordPress "tested up to" version 6.8 (props @godleman, @jeffpaul, @dkotter via #251, #254).
Changed: Bump WordPress minimum supported version to 6.6 (props @godleman, @jeffpaul, @dkotter via #254).
Security: Bump ws from 7.5.10 to 8.18.0, @wordpress/scripts from 27.9.0 to 30.6.0, nanoid from 3.3.7 to 3.3.8 and mocha from 10.2.0 to 11.0.1 (props @dependabot, @peterwilsoncc via #245).
Security: Bump @babel/runtime from 7.23.9 to 7.27.0, axios from 1.7.4 to 1.8.4, cookie from 0.4.2 to 0.7.1, express from 4.21.0 to 4.21.2 and @wordpress/e2e-test-utils-playwright from 0.26.0 to 1.20.0 (props @dependabot, @dkotter via #250).
Security: Bump http-proxy-middleware from 2.0.6 to 2.0.9 (props @dependabot, @iamdharmesh via #253).
Security: Bump tar-fs from 3.0.8 to 3.0.9 (props @dependabot, @dkotter via #258).
Security: Bump bytes from 3.0.0 to 3.1.2 and compression from 1.7.4 to 1.8.1 (props @dependabot, @dkotter via #265).

2.3.1 - 2024-12-05

Fixed: Revert changes made to how we determine custom dimensions for SVGs (props @dkotter, @martinpl, @subfighter3, @smerriman, @gigatyrant, @jeffpaul, @iamdharmesh via #238).

2.3.0 - 2024-11-25

Added: New setting that allows large SVG files (roughly 10MB or greater) to be uploaded and sanitized properly (props @kirtangajjar, @faisal-alvi, @darylldoyle, @manojsiddoji, @dkotter via #201).
Added: New get_svg_dimensions function in order to reduce code duplication (props @gabriel-glo, @jeremymoore, @darylldoyle, @iamdharmesh, @dkotter via #216).
Changed: Updated the enshrined/svg-sanitize package from 0.16.0 to 0.19.0 to fix a PHP 8.3 compatibility issue (props @sksaju, @TylerB24890, @darylldoyle, @rolf-yoast, @faisal-alvi via #214).
Changed: Update how image dimensions are passed in get_image_tag_override and one_pixel_fix methods (props @gabriel-glo, @jeremymoore, @darylldoyle, @iamdharmesh, @dkotter via #216).
Changed: Bump WordPress "tested up to" version to 6.7 (props @colinswinney, @jeffpaul via #232, #233).
Changed: Bump WordPress minimum from 6.4 to 6.5 (props @colinswinney, @jeffpaul via #232, #233).
Changed: Remove composer dev dependencies from archived project (props @TylerB24890, @szepeviktor, @peterwilsoncc via #220).
Fixed: Use proper block category for the Safe SVG Icon block (props @kirtangajjar, @fabiankaegy via #226).
Security: Only allow SVG file types to be uploaded if our sanitizer is able to run on those files (props @darylldoyle, @xknown, @dkotter via #228).
Security: Bump webpack from 5.90.1 to 5.94.0 (props @dependabot, @peterwilsoncc via #222).
Security: Bump ws from 7.5.10 to 8.18.0, serve-static from 1.15.0 to 1.16.2 and express from 4.19.2 to 4.21.0 (props @dependabot, @Sidsector9, @faisal-alvi via #227, #230, #234).

2.2.6 - 2024-08-28

Changed: Bump WordPress "tested up to" version to 6.6 (props @sudip-md, @ankitguptaindia, @jeffpaul via #212, #213).
Changed: Bump WordPress minimum from 5.7 to 6.4 (props @sudip-md, @ankitguptaindia, @jeffpaul via #212, #213).
Security: Add svg sanitization on the wp_handle_sideload_prefilter filter (props @dkotter, @xknown, @iamdharmesh via GHSA-3vr7-86pg-hf4g).
Security: Bump braces from 3.0.2 to 3.0.3, pac-resolver from 7.0.0 to 7.0.1, socks from 2.7.1 to 2.8.3, ws from 7.5.9 to 7.5.10 and remove ip (props @dependabot, @Sidsector9 via #206).
Security: Bump axios from 1.6.7 to 1.7.4 (props @dependabot, @faisal-alvi via #218). View historical changelog details here.

Safe SVG

标签

下载

详情介绍:

安装:

升级注意事项:

常见问题:

更新日志: