Description

Safe SVG est le meilleur moyen d’autoriser les téléversements de SVG dans WordPress !

It gives you the ability to allow SVG uploads whilst making sure that they’re sanitized to stop SVG/XML vulnerabilities affecting your site. It also gives you the ability to preview your uploaded SVGs in the media library in all views.

Current Features

SVG désinfectés – N’ouvrez pas de failles de sécurité de votre site WordPress en autorisant les téléversements de fichiers non contrôlés.
SVGO Optimisation – Runs your SVGs through the SVGO tool on upload to save you space. This feature is disabled by default but can be enabled by adding the following code: add_filter( 'safe_svg_optimizer_enabled', '__return_true' );
Afficher les SVG dans la médiathèque – Fini le temps où il fallait deviner quel SVG est le bon, nous activerons les aperçus SVG dans la médiathèque de WordPress.
Choisissez qui peut téléverser – Limitez les téléversements de SVG à certains utilisateurs de votre site WordPress ou autorisez n’importe qui à en téléverser.

Initially a proof of concept for #24251.

SVG Sanitization is done through the following library: https://github.com/darylldoyle/svg-sanitizer.

SVG Optimization is done through the following library: https://github.com/svg/svgo.

Blocs

Cette extension fournit 1 bloc.

Safe SVG Display the SVG icon

Installation

Installez via le répertoire WordPress ou téléchargez, décompressez et téléversez les fichiers dans votre répertoire /wp-content/plugins/

FAQ

Pouvons-nous modifier les attributs et les balises autorisés ?

Oui, cela peut être fait en utilisant les filtres svg_allowed_attributes et svg_allowed_tags.
Ils prennent un argument qui doit être retourné. Voir ci-dessous pour des exemples :

add_filter( 'svg_allowed_attributes', function ( $attributes ) {

    // Do what you want here...

    // This should return an array so add your attributes to
    // to the $attributes array before returning it. E.G.

    $attributes[] = 'target'; // This would allow the target="" attribute.

    return $attributes;
} );


add_filter( 'svg_allowed_tags', function ( $tags ) {

    // Do what you want here...

    // This should return an array so add your tags to
    // to the $tags array before returning it. E.G.

    $tags[] = 'use'; // This would allow the <use> element.

    return $tags;
} );

Avis

bartesuski 16 août 2023 1 réponse

I don't understand why this isn't in core wordpress. Plugin integrates flawlessly into the website and causes no issues.

geonaught 15 juillet 2023 1 réponse

Does what is says. Quick and easy.

jamesstaples 17 mai 2023 1 réponse

Easy plugin for enabling svg uploads on your wordpress site

tadees 30 novembre 2022 1 réponse

Great little plugin that does exactly what it says. And does it easily. (Still not sure why SVGs are not supported natively but that's another discussion) Thank you, job well done!

hansashift 16 août 2022 1 réponse

Works like a charm

Blockify 1 avril 2022 1 réponse

Great plugin, does what it says. Should be core functionality.

Lire les 69 avis

Contributeurs/contributrices & développeurs/développeuses

« Safe SVG » est un logiciel libre. Les personnes suivantes ont contribué à cette extension.

“Safe SVG” a été traduit dans 19 locales. Remerciez l’équipe de traduction pour ses contributions.

Traduisez « Safe SVG » dans votre langue.

Le développement vous intéresse ?

Parcourir le code, consulter le SVN dépôt, ou s’inscrire au journal de développement par RSS.

Journal

2.2.0 – 2023-08-21

Added: New settings that give the ability to select which user roles can upload SVG files (props @dhanendran, @csloisel, @faisal-alvi, @dkotter via #76).
Added: SVG optimization during upload via SVGO. Feature is disabled by default but can be enabled using the safe_svg_optimizer_enabled filter (props @gsarig, @peterwilsoncc, @Sidsector9, @darylldoyle, @faisal-alvi, @dkotter, @ravinderk via #79, #145).
Added: Spacing and color controls added to SVG block (props @bmarshall511, @iamdharmesh via #135).
Added: Mochawesome reporter added for Cypress test report (props @jayedul, @peterwilsoncc via #124).
Changed: Update Support Level from Active to Stable (props @Sidsector9, @iamdharmesh via #100).
Changed: Update name of SVG block from Safe SVG Icon to Inline SVG (props @bmarshall511, @iamdharmesh via #135).
Changed: Bump WordPress « tested up to » version 6.3 (props @dkotter, @jeffpaul via #144).
Changed: Update the Dependency Review GitHub Action (props @jeffpaul, @Sidsector9 via #128).
Fixed: Add namespace to the class_exists check (props @szepeviktor, @iamdharmesh via #120).
Fixed: Ensure Sanitizer class is properly imported (props @szepeviktor, @iamdharmesh via #121).
Fixed: Remove an unneeded global (props @szepeviktor, @iamdharmesh via #122).
Fixed: Use absolute path in require (props @szepeviktor, @iamdharmesh via #123).
Fixed: Ensure custom classname added to SVG block is output on the front-end (props @bmarshall511, @Sidsector9, @dkotter via #130).
Fixed: Ensure SimpleXML exists before using it (props @sdmtt, @faisal-alvi via #140).
Fixed: Fix markdown issues in the readme (props @szepeviktor, @iamdharmesh via #119).
Security: Bump semver from 5.7.1 to 5.7.2 (props @dependabot via #134).
Security: Bump word-wrap from 1.2.3 to 1.2.5 (props @dependabot via #141).
Security: Bump tough-cookie from 4.1.2 to 4.1.3 and @cypress/request from 2.88.10 to 2.88.12 (props @dependabot via #146).

2.1.1 – 2023-04-05

Changed: Upgrade @wordpress npm package dependencies (props @ggutenberg, @Sidsector9 via #108).
Changed: Bump WordPress « tested up to » version 6.2 (props @ggutenberg, @Sidsector9 via #108).
Changed: Run our E2E tests on the zip generated by « Build release zip » action (props @jayedul, @dkotter via #106).
Fixed: Only load our block CSS if a page has the SVG block in it and remove an extra slash in the CSS file path. Remove an unneeded JS block file (props @dkotter, @freinbichler, @IanDelMar, @ocean90, @Sidsector9 via #112).
Fixed: Better error handling for environments that don’t match our minimum PHP version (props @dkotter, @ravinderk via #111).

2.1.0 – 2023-03-22

Added: An SVG Gutenberg Block (props @faisal-alvi, @Sidsector9, @cr0ybot, @darylldoyle, @cbirdsong, @jeffpaul via #80).
Added: « Build release zip » GitHub Action (props @iamdharmesh, @dkotter, @faisal-alvi via #87).
Changed: Bump minimum PHP version from 7.0 to 7.4 (props @iamdharmesh, @peterwilsoncc, @vikrampm1 via #82).
Changed: Bump minimum WordPress version from 4.7 to 5.7 (props @iamdharmesh, @peterwilsoncc, @vikrampm1 via #82).
Changed: Bump WordPress « tested up to » version 6.1 (props @iamdharmesh, @peterwilsoncc via #85).
Security: Updates the underlying sanitisation library to pull in a security fix (props @darylldoyle, @faisal-alvi, @Cyxow via #105).
Security: Bump got from 10.7.0 to 11.8.5 (props @dependabot via #83).
Security: Bump @wordpress/env from 4.9.0 to 5.6.0 (props @dependabot via #83).
Security: Bump simple-git from 3.9.0 to 3.16.0 (props @dependabot via #88, #99).
Security: Bump loader-utils from 2.0.2 to 2.0.4 (props @dependabot via #92).
Security: Bump json5 from 1.0.1 to 1.0.2 (props @dependabot via #91).
Security: Bump decode-uri-component from 0.2.0 to 0.2.2 (props @dependabot via #93).
Security: Bump markdown-it from 12.0.4 to 12.3.2 (props @dependabot, @peterwilsoncc via #94).
Security: Bump @wordpress/scripts from 19.2.4 to 25.1.0 (props @dependabot, @peterwilsoncc via #94).
Security: Bump http-cache-semantics from 4.1.0 to 4.1.1 (props @dependabot, @peterwilsoncc via #101).
Security: Bump webpack from 5.75.0 to 5.76.1 (props @dependabot, @faisal-alvi via #103).
Security: Bump svg-sanitizer from 0.15.2 to 0.16.0 (props @darylldoyle, @faisal-alvi, @Cyxow via #105).

2.0.3 – 2022-09-01

Added: More robust PHP testing (props @iamdharmesh, @faisal-alvi via #71, #73).
Fixed: Addressed PHPCS errors (props @iamdharmesh, @faisal-alvi via #73).

2.0.2 – 2022-06-27

Added: Dependency security scanning (props @jeffpaul via #60).
Added: End-to-end testing with Cypress (props @iamdharmesh via #64).
Changed: Bump WordPress version « tested up to » 6.0 (props @dkotter via #65).
Removed: Redundant premium version upgrade link (props @ocean90, @peterwilsoncc via #61).
Removed: Unneeded admin CSS fix for featured images (props @AdamWills, @dkotter, @peterwilsoncc via #63).

2.0.1 – 2022-04-19

Changed: Documentation updates (props @jeffpaul, @peterwilsoncc).
Fixed: Ensure our height and width attributes are set before using them (props @dkotter, @r8r, @jerturowetz, @cadic).
Fixed: Support for installing via packagist.org (props @roborourke, @peterwilsoncc).

2.0.0 – 2022-04-06

Added: New filter, safe_svg_use_width_height_attributes, that can be used to change the order of attributes we use to determine the SVG dimensions (props @dkotter, @peterwilsoncc).
Changed: Documentation updates (props @j-hoffmann, @jeffpaul, @Zodiac1978).
Fixed: Use the viewBox attributes first for image dimensions. Ensure we don’t use image dimensions that end with percent signs (props @dkotter, @peterwilsoncc).
Fixed: Make sure we use the full size SVG dimensions rather than the requested size, to avoid wrong sizes being used and duplicate height and width attributes (props @dkotter, @cadic).
Fixed: Ensure the tmp_name and name properties exist before we use them (props @dkotter, @aksld).

1.9.10 – 2022-02-23

Note that this release bumps the WordPress minimum version from 4.0 to 4.7 and the PHP minimum version from 5.6 to 7.0.

Changed: Bump WordPress minimum version from 4.0 to 4.7 (props @cadic).
Changed: Bump PHP minimum version from 5.6 to 7.0 (props @mehidi258, @iamdharmesh, @amdd-tim, @darylldoyle, @jeffpaul).
Changed: Update enshrined/svg-sanitize from 0.13.3 to 0.15.2 (props @mehidi258, @iamdharmesh, @amdd-tim, @darylldoyle, @jeffpaul, @cadic).
Changed: Bump WordPress version « tested up to » 5.9 (props @BBerg10up, @jeffpaul, @cadic).
Changed: Updated library location and added a new build step (props @darylldoyle, @dkotter).
Changed: Updated plugin assets and added docs and repo management workflows via GitHub Actions (props Brooke Campbell, @jeffpaul).
Fixed: Double slash being added in SVG file URL for newer uploads (props @mehulkaklotar, @smerriman).
Fixed: Float value casting for SVGs when fetching width and height (props @mehulkaklotar, @smerriman).
Fixed: Use calculated size for SVGs instead of using false (props @dkotter, @darylldoyle, @fritteli).
Fixed: Add better file type checking when looking for SVG files (props @davidhamann, @dkotter, @darylldoyle).

1.9.9 – 2020-05-07

Fixed: Issue where 100% width is accidentally converted to 100px width (props @joehoyle).

1.9.8 – 2020-05-07

Changed: Underlying library update.

1.9.7 – 2019-12-10

Changed: Underlying library update.

1.9.6 – 2019-11-07

Security: Underlying library update that fixes a security issue.

1.9.5 – 2019-11-04

Security: Underlying library update that fixes some security issues.

1.9.4 – 2019-08-21

Fixed: Bug causing lots of error log output to do with safe_svg::fix_direct_image_output().

1.9.3 – 2019-02-19

Fixed: Bug causing 0 height and width SVGs.

1.9.2 – 2019-02-14

Fixed: Warning about an Illegal string offset.
Fixed: Issue if something other than a WP_Post object is passed in via the wp_get_attachment_image_attributes filter.

1.9.1 – 2019-01-29

Fixed: Warning that was being generated by a change made in 1.9.0.

1.9.0 – 2019-01-03

Changed: If an image is the correct ratio, allow skipping of the crop popup when setting header/logo images with SVGs.

1.8.1 – 2018-11-22

Changed: Don’t let errors break upload if uploading an empty file
Fixed: Featured image display in Gutenberg. Props @dmhendricks 🙂

1.8.0 – 2018-11-04

Added: Pull SVG dimensions from the width/height or viewbox attributes of the SVG.
Added: role= »img » attribute to SVGs.

1.7.1 – 2018-10-01

Changed: Underlying lib and added new filters for filtering allowed tags and attributes.

1.7.0 – 2018-10-01

Added: Allow devs to filter tags and attrs within WordPress.

1.6.1 – 2018-03-17

Changed: Images will now use the size chosen when inserted into the page rather than default to 2000px everytime.

1.6.0 – 2017-12-20

Added: Fairly big new feature – The library now allows <use> elements as long as they don’t reference external files!
Fixed: You can now also embed safe image types within the SVG and not have them stripped (PNG, GIF, JPG).

1.5.3 – 2017-11-16

Fixed: 1.5.2 introduced an issue that can freeze the media library. This fixes that issue. Sorry!

1.5.2 – 2017-11-15

Changed: Tested with 4.9.0.
Fixed: Issue with SVGs when regenerating media.

1.5.1 – 2017-08-21

Fixed: PHP strict standards warning.

1.5.0 – 2017-06-20

Changed: Library update.
Changed: role, aria- and data- attributes are now whitelisted to improve accessibility.

1.4.5 – 2017-06-18

Changed: Library update.
Fixed: some issues with defining the size of an SVG.

1.4.4 – 2017-06-07

Fixed: SVGs now display as featured images in the admin area.

1.4.3 – 2017-03-06

Added: WordPress 4.7.3 Compatibility.
Changed: Expanded SVG previews in media library.

1.4.2 – 2017-02-26

Added: Check / fix for when mb_* functions are not available.

1.4.1 – 2017-02-23

Changed: Underlying library to allow attributes/tags in all case variations.

1.4.0 – 2017-02-21

Added: Ability to preview SVG on both grid and list view in the wp-admin media area
Changed: Underlying library version.

1.3.4 – 2017-02-20

Fixed: SVGZ uploads failing and not sanitising correctly.

1.3.3 – 2017-02-15

Changed: Allow SVGZ uploads.

1.3.2 – 2017-01-27

Fixed: Mime type issue in 4.7.1. Mad props to @LewisCowles1986.

1.3.1 – 2016-12-01

Changed: Underlying library version.

1.3.0 – 2016-10-10

Changed: Minify SVGs after cleaning so they can be loaded correctly through file_get_contents.

1.2.0 – 2016-02-27

Added: Support for camel case attributes such as viewBox.

1.1.1 – 2016-07-06

Fixed: Issue with empty svg elements self-closing.

1.1.0 – 2015-07-04

Added: I18n.
Added: da, de ,en, es, fr, nl and ru translations.
Fixed: Issue with filename not being pulled over on failed uploads.

1.0.0 – 2015-07-03

Initial Release.