Why does WordPress not permit svg image files by default?

1 Views

Why can’t I upload SVG image files to WordPress(4.2.2) by default? when you try you get the message:

Sorry, this file type is not permitted for security reasons.

Read More

I know this problem has been around for a while, and I’ve used this solution in the past, from https://css-tricks.com/snippets/wordpress/allow-svg-through-wordpress-media-uploader/, : 

function cc_mime_types($mimes) {
  $mimes['svg'] = 'image/svg+xml';
  return $mimes;
}
add_filter('upload_mimes', 'cc_mime_types');

But what are the security implications of allowing this behaviour and why has it been disabled by default?

Post Views: 1

Related posts

2 comments

  1. SVG files are fairly rich in that they contain XML and even JavaScript. As such, the processing of these files is riskier than processing simpler image formats.

  2. SVG image type not showing in wordpress

    function my_media_types($media_types){
    $media_types['svg'] = 'image/svg+xml'; 
    $media_types['psd'] = 'image/vnd.adobe.photoshop'; 
    return $media_types;
}
add_filter('upload_mimes', 'my_media_types', 1, 1);

    by defalut wordpress not support svg because svg conveted to xml file when you can set .svg image than it’s all data as a xml format for security reason wordpress not allow by defalut svg or site hacked by xml file because xml show all data

Comments are closed.