About sanitizing SVGs

WordPress does not allow uploading SVG files to the Media Library for a very good reason: an SVG is an XML document that can carry active content, such as embedded JavaScript, which makes it a potential cross-site scripting vector. For example, an infected SVG file can redirect users to a malicious website disguised as a reputable one. You can read more about how SVGs can be used to exploit such vulnerabilities in "Cross-site Scripting Injection Attacks Using SVG Images" (rietta.com).

WP SVG Images, as you know, allows you or your users to upload SVG files, and you can choose to upload them sanitized or not sanitized (unrestricted upload).

What does "sanitizing" an SVG mean?

Sanitization is the process of parsing the SVG file and producing a new one that keeps only the elements and attributes designated "safe" and desired; anything else, such as embedded script, is stripped out.

However, in very rare cases sanitizing an SVG removes behaviour you actually want. For example, you may genuinely want to upload an SVG that redirects to another page. In these cases you have to opt for allowing unrestricted SVG uploads. It is important to choose unrestricted upload only if you are absolutely sure that every user in the chosen user role is responsible and experienced enough to detect malicious SVG code on their own.
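To make the "keep only what is designated safe" idea concrete, here is an added example of a minimal allowlist-based SVG sanitizer. It is illustration code written for this article, not the PHP code that WP SVG Images runs inside WordPress; the allowlists, the helper names (`sanitize_svg`, `is_safe_href`) and the sample SVG are all constructed for the example. It also shows the trade-off described above: the `<a>` link that would redirect the viewer is not on the allowlist, so it is dropped together with the shape it wraps.

```python
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_NS = "http://www.w3.org/1999/xlink"

# Allowlists constructed for this example: anything NOT listed is stripped.
ALLOWED_TAGS = {
    "svg", "g", "defs", "title", "desc", "path", "rect", "circle", "ellipse",
    "line", "polyline", "polygon", "text", "tspan", "use",
    "linearGradient", "radialGradient", "stop",
}
ALLOWED_ATTRS = {
    "id", "class", "viewBox", "width", "height", "x", "y", "x1", "y1", "x2", "y2",
    "cx", "cy", "r", "rx", "ry", "d", "points", "fill", "stroke", "stroke-width",
    "transform", "opacity", "offset", "stop-color", "font-size", "text-anchor",
    "href",
}


def split_qname(qname):
    """Split ElementTree's '{namespace}name' form into (namespace, name)."""
    if qname.startswith("{"):
        ns, _, name = qname[1:].partition("}")
        return ns, name
    return "", qname


def is_safe_href(value):
    """Only same-document references (#some-id) survive; javascript:, data:,
    http(s): and any other scheme is rejected."""
    return value.strip().startswith("#")


def is_safe_paint(value):
    """fill/stroke may reference a paint server, but only a local one: url(#id)."""
    v = value.strip()
    return "url(" not in v or v.startswith("url(#")


def _clean(elem, removed):
    """Prune elem in place; return False if elem itself has to be dropped."""
    ns, tag = split_qname(elem.tag)
    if ns != SVG_NS or tag not in ALLOWED_TAGS:
        removed.append("element <%s>" % tag)          # e.g. script, style, a, foreignObject
        return False
    for attr, value in list(elem.attrib.items()):
        ans, name = split_qname(attr)
        keep = (
            ans in ("", SVG_NS, XLINK_NS)
            and name in ALLOWED_ATTRS
            and not name.lower().startswith("on")      # onload, onclick, ... (event handlers)
            and (name != "href" or is_safe_href(value))
            and (name not in ("fill", "stroke") or is_safe_paint(value))
        )
        if not keep:
            removed.append("attribute %s on <%s>" % (name, tag))
            del elem.attrib[attr]
    for child in list(elem):
        if not _clean(child, removed):
            elem.remove(child)                         # drops the subtree, including script text
    return True


def sanitize_svg(svg_text):
    """Return (sanitized_svg, removed): the rebuilt document and a log of what was stripped."""
    ET.register_namespace("", SVG_NS)       # serialize as xmlns="..." instead of ns0:
    ET.register_namespace("xlink", XLINK_NS)
    root = ET.fromstring(svg_text)
    if split_qname(root.tag) != (SVG_NS, "svg"):
        raise ValueError("not an SVG document")
    removed = []
    _clean(root, removed)
    return ET.tostring(root, encoding="unicode"), removed


# Constructed sample: an otherwise ordinary icon carrying a script, two event
# handlers and an outbound link (the "redirect" case from the article).
SAMPLE_SVG = """<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"
     viewBox="0 0 100 100" onload="init()">
  <script>/* constructed: anything here would run in the viewer's browser */</script>
  <defs><linearGradient id="g"><stop offset="0" stop-color="red"/></linearGradient></defs>
  <a xlink:href="https://example.invalid/">
    <rect x="10" y="10" width="80" height="80" fill="url(#g)"/>
  </a>
  <use xlink:href="#g" x="1"/>
  <circle cx="50" cy="50" r="5" onclick="run()"/>
</svg>"""

if __name__ == "__main__":
    clean, removed = sanitize_svg(SAMPLE_SVG)
    print(clean)
    for item in removed:
        print("stripped:", item)
```

The `removed` log is worth keeping in an upload pipeline: an SVG that loses a `<script>` element or an `on*` attribute during sanitization is a signal worth recording, even though the stored file is now harmless. For untrusted input in production, parse with `defusedxml.ElementTree.fromstring` instead of the standard-library parser to also cover entity-expansion attacks on the XML layer.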

