Description
Safe SVG est le meilleur moyen d’autoriser les téléversements de SVG dans WordPress !
It gives you the ability to allow SVG uploads whilst making sure that they’re sanitized to stop SVG/XML vulnerabilities affecting your site. It also gives you the ability to preview your uploaded SVGs in the media library in all views.
Current Features
- SVG désinfectés – N’ouvrez pas de failles de sécurité de votre site WordPress en autorisant les téléversements de fichiers non contrôlés.
- SVGO Optimisation – Runs your SVGs through the SVGO tool on upload to save you space. This feature is disabled by default but can be enabled by adding the following code:
add_filter( 'safe_svg_optimizer_enabled', '__return_true' ); - Afficher les SVG dans la médiathèque – Fini le temps où il fallait deviner quel SVG est le bon, nous activerons les aperçus SVG dans la médiathèque de WordPress.
- Choisissez qui peut téléverser – Limitez les téléversements de SVG à certains utilisateurs de votre site WordPress ou autorisez n’importe qui à en téléverser.
Initially a proof of concept for #24251.
SVG Sanitization is done through the following library: https://github.com/darylldoyle/svg-sanitizer.
SVG Optimization is done through the following library: https://github.com/svg/svgo.
Blocs
Cette extension fournit 1 bloc.
- Safe SVG Display the SVG icon
Installation
Installez via le répertoire WordPress ou téléchargez, décompressez et téléversez les fichiers dans votre répertoire /wp-content/plugins/
FAQ
-
Oui, cela peut être fait en utilisant les filtres
svg_allowed_attributesetsvg_allowed_tags.
Ils prennent un argument qui doit être retourné. Voir ci-dessous pour des exemples :add_filter( 'svg_allowed_attributes', function ( $attributes ) { // Do what you want here... // This should return an array so add your attributes to // to the $attributes array before returning it. E.G. $attributes[] = 'target'; // This would allow the target="" attribute. return $attributes; } ); add_filter( 'svg_allowed_tags', function ( $tags ) { // Do what you want here... // This should return an array so add your tags to // to the $tags array before returning it. E.G. $tags[] = 'use'; // This would allow the <use> element. return $tags; } );
Avis
10 janvier 2024
5 réponses
Hello everyone,the Plugin does not work for me, I refreshed, logged in and out, checked several different svg files but the uploading is still not possible.After having read so many positive reviews I think I am an exception. Thanks for any advice!
16 août 2023
1 réponse
I don't understand why this isn't in core wordpress. Plugin integrates flawlessly into the website and causes no issues.
15 juillet 2023
1 réponse
Does what is says. Quick and easy.
17 mai 2023
1 réponse
Easy plugin for enabling svg uploads on your wordpress site
30 novembre 2022
1 réponse
Great little plugin that does exactly what it says. And does it easily. (Still not sure why SVGs are not supported natively but that's another discussion) Thank you, job well done!
16 août 2022
1 réponse
Works like a charm
Contributeurs/contributrices & développeurs/développeuses
« Safe SVG » est un logiciel libre. Les personnes suivantes ont contribué à cette extension.
Contributeurs
“Safe SVG” a été traduit dans 22 locales. Remerciez l’équipe de traduction pour ses contributions.
Traduisez « Safe SVG » dans votre langue.
Le développement vous intéresse ?
Parcourir le code, consulter le SVN dépôt, ou s’inscrire au journal de développement par RSS.
Journal
2.2.4 – 2024-03-28
- Changed: Upgrade the
download-artifactfrom v3 to v4 (props @iamdharmesh, @jeffpaul via #181). - Changed: Replaced
lee-dohm/no-responsewithactions/staleto help with closing no-response/stale issues (props @jeffpaul, @dkotter via #183). - Fixed: Ensure the svg file can be loaded before we try accessing it’s attributes (props @dkotter, @metashield-ie, @ocean90, @darylldoyle, @faisal-alvi via #186).
- Fixed: Ensure we don’t throw JS errors in the Classic Editor when the optimizer feature is turned on (props @dkotter, @turtlepod, @faisal-alvi via #187).
- Security: Bump
webpack-dev-middlewarefrom 5.3.3 to 5.3.4 (props @dependabot, @dkotter via #185). - Security: Bump
expressfrom 4.18.2 to 4.19.2 (props @dependabot, @dkotter via #188).
2.2.3 – 2024-03-20
- Added: Support for the WordPress.org plugin preview (props @dkotter, @jeffpaul via #167).
- Changed: Bump WordPress « tested up to » version 6.5 (props @dkotter, @jeffpaul via #180).
- Changed: Clean up NPM dependencies and update node to v20 (props @Sidsector9, @dkotter via #172).
- Fixed: Refactor the
svg_dimensionsfunction to be more performant (props @sksaju, @cjyabraham, @bmarshall511, @Hercilio1, @darylldoyle via #154, #174). - Fixed: Address fatal JS error when optimization is enabled and an item is published without blocks (props @psorensen, @tictag, @dkotter via #173).
- Security: Bump
axiosfrom 0.25.0 to 1.6.2 and@wordpress/scriptsfrom 26.0.0 to 26.18.0 (props @dependabot, @ravinderk via #166). - Security: Bump
follow-redirectsfrom 1.15.3 to 1.15.6 andipfrom 1.1.8 to 1.1.9 (props @dependabot, @dkotter via #169, #177).
2.2.2 – 2023-11-21
- Changed: Bump WordPress « tested up to » version 6.4 (props @qasumitbagthariya, @jeffpaul via #162, #163).
- Fixed: Ensure CSS applies properly to the SVG Icon block when added via
theme.json(props @tobeycodes, @dkotter via #161).
2.2.1 – 2023-10-23
- Changed: Update to
apiVersion3 for our SVG Icon block (props @fabiankaegy, @ravinderk, @jeffpaul, @dkotter via #133). - Fixed: Address an error due to the SVG Icon block using the
fill-ruleattribute (props @zamanq, @jeffpaul, @iamdharmesh via #152). - Security: Bump
postcssfrom 8.4.20 to 8.4.31 (props @dependabot, @faisal-alvi via #155). - Security: Bump
@cypress/requestfrom 2.88.12 to 3.0.1 andcypressfrom 10.11.0 to 13.3.0 (props @dependabot, @ravinderk via #156). - Security: Bump
@babel/traversefrom 7.20.12 to 7.23.2 (props @dependabot, @iamdharmesh via #158).
2.2.0 – 2023-08-21
- Added: New settings that give the ability to select which user roles can upload SVG files (props @dhanendran, @csloisel, @faisal-alvi, @dkotter via #76).
- Added: SVG optimization during upload via SVGO. Feature is disabled by default but can be enabled using the
safe_svg_optimizer_enabledfilter (props @gsarig, @peterwilsoncc, @Sidsector9, @darylldoyle, @faisal-alvi, @dkotter, @ravinderk via #79, #145). - Added: Spacing and color controls added to SVG block (props @bmarshall511, @iamdharmesh via #135).
- Added: Mochawesome reporter added for Cypress test report (props @jayedul, @peterwilsoncc via #124).
- Changed: Update Support Level from
ActivetoStable(props @Sidsector9, @iamdharmesh via #100). - Changed: Update name of SVG block from Safe SVG Icon to Inline SVG (props @bmarshall511, @iamdharmesh via #135).
- Changed: Bump WordPress « tested up to » version 6.3 (props @dkotter, @jeffpaul via #144).
- Changed: Update the Dependency Review GitHub Action (props @jeffpaul, @Sidsector9 via #128).
- Fixed: Add namespace to the
class_existscheck (props @szepeviktor, @iamdharmesh via #120). - Fixed: Ensure Sanitizer class is properly imported (props @szepeviktor, @iamdharmesh via #121).
- Fixed: Remove an unneeded global (props @szepeviktor, @iamdharmesh via #122).
- Fixed: Use absolute path in require (props @szepeviktor, @iamdharmesh via #123).
- Fixed: Ensure custom classname added to SVG block is output on the front-end (props @bmarshall511, @Sidsector9, @dkotter via #130).
- Fixed: Ensure
SimpleXMLexists before using it (props @sdmtt, @faisal-alvi via #140). - Fixed: Fix markdown issues in the readme (props @szepeviktor, @iamdharmesh via #119).
- Security: Bump
semverfrom 5.7.1 to 5.7.2 (props @dependabot via #134). - Security: Bump
word-wrapfrom 1.2.3 to 1.2.5 (props @dependabot via #141). - Security: Bump
tough-cookiefrom 4.1.2 to 4.1.3 and@cypress/requestfrom 2.88.10 to 2.88.12 (props @dependabot via #146).
2.1.1 – 2023-04-05
- Changed: Upgrade
@wordpressnpm package dependencies (props @ggutenberg, @Sidsector9 via #108). - Changed: Bump WordPress « tested up to » version 6.2 (props @ggutenberg, @Sidsector9 via #108).
- Changed: Run our E2E tests on the zip generated by « Build release zip » action (props @jayedul, @dkotter via #106).
- Fixed: Only load our block CSS if a page has the SVG block in it and remove an extra slash in the CSS file path. Remove an unneeded JS block file (props @dkotter, @freinbichler, @IanDelMar, @ocean90, @Sidsector9 via #112).
- Fixed: Better error handling for environments that don’t match our minimum PHP version (props @dkotter, @ravinderk via #111).
2.1.0 – 2023-03-22
- Added: An SVG Gutenberg Block (props @faisal-alvi, @Sidsector9, @cr0ybot, @darylldoyle, @cbirdsong, @jeffpaul via #80).
- Added: « Build release zip » GitHub Action (props @iamdharmesh, @dkotter, @faisal-alvi via #87).
- Changed: Bump minimum PHP version from 7.0 to 7.4 (props @iamdharmesh, @peterwilsoncc, @vikrampm1 via #82).
- Changed: Bump minimum WordPress version from 4.7 to 5.7 (props @iamdharmesh, @peterwilsoncc, @vikrampm1 via #82).
- Changed: Bump WordPress « tested up to » version 6.1 (props @iamdharmesh, @peterwilsoncc via #85).
- Security: Updates the underlying sanitisation library to pull in a security fix (props @darylldoyle, @faisal-alvi, @Cyxow via #105).
- Security: Bump
gotfrom 10.7.0 to 11.8.5 (props @dependabot via #83). - Security: Bump
@wordpress/env from4.9.0 to 5.6.0 (props @dependabot via #83). - Security: Bump
simple-gitfrom 3.9.0 to 3.16.0 (props @dependabot via #88, #99). - Security: Bump
loader-utilsfrom 2.0.2 to 2.0.4 (props @dependabot via #92). - Security: Bump
json5from 1.0.1 to 1.0.2 (props @dependabot via #91). - Security: Bump
decode-uri-componentfrom 0.2.0 to 0.2.2 (props @dependabot via #93). - Security: Bump
markdown-itfrom 12.0.4 to 12.3.2 (props @dependabot, @peterwilsoncc via #94). - Security: Bump
@wordpress/scriptsfrom 19.2.4 to 25.1.0 (props @dependabot, @peterwilsoncc via #94). - Security: Bump
http-cache-semanticsfrom 4.1.0 to 4.1.1 (props @dependabot, @peterwilsoncc via #101). - Security: Bump
webpackfrom 5.75.0 to 5.76.1 (props @dependabot, @faisal-alvi via #103). - Security: Bump
svg-sanitizerfrom 0.15.2 to 0.16.0 (props @darylldoyle, @faisal-alvi, @Cyxow via #105).
Earlier versions
For the changelog of earlier versions, please refer to the changelog on github.com.