Safe SVG
| 开发者 |
enshrined
10up jeffpaul |
|---|---|
| 更新时间 | 2024年8月29日 00:30 |
| WordPress版本: | 6.6 |
| 版权: | GPL-2.0-or-later |
| 版权网址: | 版权信息 |
标签
下载
详情介绍:
Safe SVG is the best way to Allow SVG Uploads in WordPress!
It gives you the ability to allow SVG uploads whilst making sure that they're sanitized to stop SVG/XML vulnerabilities affecting your site. It also gives you the ability to preview your uploaded SVGs in the media library in all views.
Current Features
- Sanitised SVGs - Don't open up security holes in your WordPress site by allowing uploads of unsanitised files.
- SVGO Optimisation - Runs your SVGs through the SVGO tool on upload to save you space. This feature is disabled by default but can be enabled by adding the following code:
add_filter( 'safe_svg_optimizer_enabled', '__return_true' ); - View SVGs in the Media Library - Gone are the days of guessing which SVG is the correct one, we'll enable SVG previews in the WordPress media library.
- Choose Who Can Upload - Restrict SVG uploads to certain users on your WordPress site or allow anyone to upload. Initially a proof of concept for #24251.
安装:
Install through the WordPress directory or download, unzip and upload the files to your
/wp-content/plugins/ directory常见问题:
Can we change the allowed attributes and tags?
Yes, this can be done using the svg_allowed_attributes and svg_allowed_tags filters.
They take one argument that must be returned. See below for examples:
add_filter( 'svg_allowed_attributes', function ( $attributes ) {
// Do what you want here...
// This should return an array so add your attributes to
// to the $attributes array before returning it. E.G.
$attributes[] = 'target'; // This would allow the target="" attribute.
return $attributes;
} );
add_filter( 'svg_allowed_tags', function ( $tags ) {
// Do what you want here...
// This should return an array so add your tags to
// to the $tags array before returning it. E.G.
$tags[] = 'use'; // This would allow the element.
return $tags;
} );
更新日志:
2.2.6 - 2024-08-28
- Changed: Bump WordPress "tested up to" version to 6.6 (props @sudip-md, @ankitguptaindia, @jeffpaul via #212, #213).
- Changed: Bump WordPress minimum from 5.7 to 6.4 (props @sudip-md, @ankitguptaindia, @jeffpaul via #212, #213).
- Security: Add svg sanitization on the
wp_handle_sideload_prefilterfilter (props @dkotter, @xknown, @iamdharmesh via GHSA-3vr7-86pg-hf4g). - Security: Bump
bracesfrom 3.0.2 to 3.0.3,pac-resolverfrom 7.0.0 to 7.0.1,socksfrom 2.7.1 to 2.8.3,wsfrom 7.5.9 to 7.5.10 and removeip(props @dependabot, @Sidsector9 via #206). - Security: Bump
axiosfrom 1.6.7 to 1.7.4 (props @dependabot, @faisal-alvi via #218).
- Added: New filter,
safe_svg_current_user_can_upload, allowing more control over who can upload SVG files (props @dkotter, @iamdharmesh via #193). - Fixed: Fatal error when applying the
admin_post_thumbnail_htmlfilter with just two arguments (props @kmgalanakis, @dkotter, @liz1kiweno via #196). - Fixed: Prevent PHP fatal error when the value of the filtered block categories is not an array (props @kmgalanakis, @dkotter, @cguidog via #200).
- Fixed: Handled PHP warning when the
$image_metais not an array (props @faisal-alvi, @dkotter, @drazenbebic, @kirtangajjar via #203).
- Changed: Upgrade the
download-artifactfrom v3 to v4 (props @iamdharmesh, @jeffpaul via #181). - Changed: Replaced
lee-dohm/no-responsewithactions/staleto help with closing no-response/stale issues (props @jeffpaul, @dkotter via #183). - Fixed: Ensure the svg file can be loaded before we try accessing it's attributes (props @dkotter, @metashield-ie, @ocean90, @darylldoyle, @faisal-alvi via #186).
- Fixed: Ensure we don't throw JS errors in the Classic Editor when the optimizer feature is turned on (props @dkotter, @turtlepod, @faisal-alvi via #187).
- Security: Bump
webpack-dev-middlewarefrom 5.3.3 to 5.3.4 (props @dependabot, @dkotter via #185). - Security: Bump
expressfrom 4.18.2 to 4.19.2 (props @dependabot, @dkotter via #188).
- Added: Support for the WordPress.org plugin preview (props @dkotter, @jeffpaul via #167).
- Changed: Bump WordPress "tested up to" version 6.5 (props @dkotter, @jeffpaul via #180).
- Changed: Clean up NPM dependencies and update node to v20 (props @Sidsector9, @dkotter via #172).
- Fixed: Refactor the
svg_dimensionsfunction to be more performant (props @sksaju, @cjyabraham, @bmarshall511, @Hercilio1, @darylldoyle via #154, #174). - Fixed: Address fatal JS error when optimization is enabled and an item is published without blocks (props @psorensen, @tictag, @dkotter via #173).
- Security: Bump
axiosfrom 0.25.0 to 1.6.2 and@wordpress/scriptsfrom 26.0.0 to 26.18.0 (props @dependabot, @ravinderk via #166). - Security: Bump
follow-redirectsfrom 1.15.3 to 1.15.6 andipfrom 1.1.8 to 1.1.9 (props @dependabot, @dkotter via #169, #177).
- Changed: Bump WordPress "tested up to" version 6.4 (props @qasumitbagthariya, @jeffpaul via #162, #163).
- Fixed: Ensure CSS applies properly to the SVG Icon block when added via
theme.json(props @tobeycodes, @dkotter via #161).
- Changed: Update to
apiVersion3 for our SVG Icon block (props @fabiankaegy, @ravinderk, @jeffpaul, @dkotter via #133). - Fixed: Address an error due to the SVG Icon block using the
fill-ruleattribute (props @zamanq, @jeffpaul, @iamdharmesh via #152). - Security: Bump
postcssfrom 8.4.20 to 8.4.31 (props @dependabot, @faisal-alvi via #155). - Security: Bump
@cypress/requestfrom 2.88.12 to 3.0.1 andcypressfrom 10.11.0 to 13.3.0 (props @dependabot, @ravinderk via #156). - Security: Bump
@babel/traversefrom 7.20.12 to 7.23.2 (props @dependabot, @iamdharmesh via #158).
- Added: New settings that give the ability to select which user roles can upload SVG files (props @dhanendran, @csloisel, @faisal-alvi, @dkotter via #76).
- Added: SVG optimization during upload via SVGO. Feature is disabled by default but can be enabled using the
safe_svg_optimizer_enabledfilter (props @gsarig, @peterwilsoncc, @Sidsector9, @darylldoyle, @faisal-alvi, @dkotter, @ravinderk via #79, #145). - Added: Spacing and color controls added to SVG block (props @bmarshall511, @iamdharmesh via #135).
- Added: Mochawesome reporter added for Cypress test report (props @jayedul, @peterwilsoncc via #124).
- Changed: Update Support Level from
ActivetoStable(props @Sidsector9, @iamdharmesh via #100). - Changed: Update name of SVG block from Safe SVG Icon to Inline SVG (props @bmarshall511, @iamdharmesh via #135).
- Changed: Bump WordPress "tested up to" version 6.3 (props @dkotter, @jeffpaul via #144).
- Changed: Update the Dependency Review GitHub Action (props @jeffpaul, @Sidsector9 via #128).
- Fixed: Add namespace to the
class_existscheck (props @szepeviktor, @iamdharmesh via #120). - Fixed: Ensure Sanitizer class is properly imported (props @szepeviktor, @iamdharmesh via #121).
- Fixed: Remove an unneeded global (props @szepeviktor, @iamdharmesh via #122).
- Fixed: Use absolute path in require (props @szepeviktor, @iamdharmesh via #123).
- Fixed: Ensure custom classname added to SVG block is output on the front-end (props @bmarshall511, @Sidsector9, @dkotter via #130).
- Fixed: Ensure
SimpleXMLexists before using it (props @sdmtt, @faisal-alvi via #140). - Fixed: Fix markdown issues in the readme (props @szepeviktor, @iamdharmesh via #119).
- Security: Bump
semverfrom 5.7.1 to 5.7.2 (props @dependabot via #134). - Security: Bump
word-wrapfrom 1.2.3 to 1.2.5 (props @dependabot via #141). - Security: Bump
tough-cookiefrom 4.1.2 to 4.1.3 and@cypress/requestfrom 2.88.10 to 2.88.12 (props @dependabot via #146). View historical changelog details here.