Safe SVG

Description

Safe SVG est le meilleur moyen d’autoriser les téléversements de SVG dans WordPress !

It gives you the ability to allow SVG uploads whilst making sure that they’re sanitized to stop SVG/XML vulnerabilities affecting your site. It also gives you the ability to preview your uploaded SVGs in the media library in all views.

Current Features

  • SVG désinfectés – N’ouvrez pas de failles de sécurité de votre site WordPress en autorisant les téléversements de fichiers non contrôlés.
  • Afficher les SVG dans la médiathèque – Fini le temps où il fallait deviner quel SVG est le bon, nous activerons les aperçus SVG dans la médiathèque de WordPress.

Features on the Roadmap

  • Optimisation SVGO – Lors du téléversement, vous aurez la possibilité d’exécuter vos SVG depuis notre serveur SVGO pour économiser de l’espace.
  • Choisissez qui peut téléverser – Limitez les téléversements de SVG à certains utilisateurs de votre site WordPress ou autorisez n’importe qui à en téléverser.

Initially a proof of concept for #24251.

SVG Sanitization is done through the following library: https://github.com/darylldoyle/svg-sanitizer.

Installation

Installez via le répertoire WordPress ou téléchargez, décompressez et téléversez les fichiers dans votre répertoire /wp-content/plugins/

FAQ

Pouvons-nous modifier les attributs et les balises autorisés ?

Oui, cela peut être fait en utilisant les filtres svg_allowed_attributes et svg_allowed_tags.
Ils prennent un argument qui doit être retourné. Voir ci-dessous pour des exemples :

add_filter( 'svg_allowed_attributes', function ( $attributes ) {

    // Do what you want here...

    // This should return an array so add your attributes to
    // to the $attributes array before returning it. E.G.

    $attributes[] = 'target'; // This would allow the target="" attribute.

    return $attributes;
} );


add_filter( 'svg_allowed_tags', function ( $tags ) {

    // Do what you want here...

    // This should return an array so add your tags to
    // to the $tags array before returning it. E.G.

    $tags[] = 'use'; // This would allow the <use> element.

    return $tags;
} );

Avis

23 février 2022
Why Automattic hates SVG has always been a source of confusion to me. Why shouldn't uploading SVG be as easy and straightforward as any other kind of (supported) image? Then again, it's true that you can write malicious code inside a SVG rather easily. The solution? Safe SVG. It cleans up a malformed or malicious SVG during the upload, so that when it arrives in your Media Library, it will already have been sanitised. The plugin is as simple to operate as it is useful. All parts of WP that require opening the Media Library browser will now accept SVGs as well. As others have remarked, there are some outstanding issues when previewing SVGs inside Gutenberg. No surprises there — this plugin has predated Gutenberg, and (at the time of writing) has been abandoned for about two years, during which Automattic has been eagerly upgrading WordPress. The author has not gone away, though. He is still actively developing the sanitising part of the plugin, using a library he has developed and posted on GitHub, and which has accepted several contributions and gone through many code reviews. It's possibly the reference library for SVG sanitation written in PHP. And fortunately he's now back and has released a brand new version as of late February 2022 🙂
14 février 2022
Our agency has a talented illustrator who is adept at creating SVGs, particularly with self-contained CSS animations. We would be loading them all manually from the theme folder with no path to easily add new or replace existing SVGs without developer involvement if it weren't for this plugin. We install Safe SVG on pretty much all sites we custom build for our clients. I'm really hoping for some additional features to come to this plugin to better support the Gutenberg editor, since the core image block doesn't handle SVGs well. But that doesn't affect my 5-star review as the most reliable SVG upload plugin.
23 février 2022
I used to install this plugin on all clients' websites, but sadly, the plugin has been not upgraded for 2 years! so i replaced it for another one. Updated review, the plugin finally has been updated, so all good now!
18 novembre 2021
WP should incorporate this plugin asap. SVG support is now common everywhere and we still have to rely on a plugin that is no longer maintained and is clearly the best IMHO.
Lire les 64 avis

Contributeurs & développeurs

« Safe SVG » est un logiciel libre. Les personnes suivantes ont contribué à cette extension.

Contributeurs

“Safe SVG” a été traduit dans 10 locales. Remerciez l’équipe de traduction pour ses contributions.

Traduisez « Safe SVG » dans votre langue.

Le développement vous intéresse ?

Parcourir le code, consulter le SVN dépôt, ou s’inscrire au journal de développement par RSS.

Journal

2.0.1 – 2022-04-19

2.0.0 – 2022-04-06

  • Added: New filter, safe_svg_use_width_height_attributes, that can be used to change the order of attributes we use to determine the SVG dimensions (props @dkotter, @peterwilsoncc).
  • Changed: Documentation updates (props @j-hoffmann, @jeffpaul, @Zodiac1978).
  • Fixed: Use the viewBox attributes first for image dimensions. Ensure we don’t use image dimensions that end with percent signs (props @dkotter, @peterwilsoncc).
  • Fixed: Make sure we use the full size SVG dimensions rather than the requested size, to avoid wrong sizes being used and duplicate height and width attributes (props @dkotter, @cadic).
  • Fixed: Ensure the tmp_name and name properties exist before we use them (props @dkotter, @aksld).

1.9.10 – 2022-02-23

Note that this release bumps the WordPress minimum version from 4.0 to 4.7 and the PHP minimum version from 5.6 to 7.0.

1.9.9 – 2020-05-07

  • Fixed: Issue where 100% width is accidentally converted to 100px width (props @joehoyle).

1.9.8 – 2020-05-07

  • Changed: Underlying library update.

1.9.7 – 2019-12-10

  • Changed: Underlying library update.

1.9.6 – 2019-11-07

  • Security: Underlying library update that fixes a security issue.

1.9.5 – 2019-11-04

  • Security: Underlying library update that fixes some security issues.

1.9.4 – 2019-08-21

  • Fixed: Bug causing lots of error log output to do with safe_svg::fix_direct_image_output().

1.9.3 – 2019-02-19

  • Fixed: Bug causing 0 height and width SVGs.

1.9.2 – 2019-02-14

  • Fixed: Warning about an Illegal string offset.
  • Fixed: Issue if something other than a WP_Post object is passed in via the wp_get_attachment_image_attributes filter.

1.9.1 – 2019-01-29

  • Fixed: Warning that was being generated by a change made in 1.9.0.

1.9.0 – 2019-01-03

  • Changed: If an image is the correct ratio, allow skipping of the crop popup when setting header/logo images with SVGs.

1.8.1 – 2018-11-22

  • Changed: Don’t let errors break upload if uploading an empty file
  • Fixed: Featured image display in Gutenberg. Props @dmhendricks 🙂

1.8.0 – 2018-11-04

  • Added: Pull SVG dimensions from the width/height or viewbox attributes of the SVG.
  • Added: role= »img » attribute to SVGs.

1.7.1 – 2018-10-01

  • Changed: Underlying lib and added new filters for filtering allowed tags and attributes.

1.7.0 – 2018-10-01

  • Added: Allow devs to filter tags and attrs within WordPress.

1.6.1 – 2018-03-17

  • Changed: Images will now use the size chosen when inserted into the page rather than default to 2000px everytime.

1.6.0 – 2017-12-20

  • Added: Fairly big new feature – The library now allows <use> elements as long as they don’t reference external files!
  • Fixed: You can now also embed safe image types within the SVG and not have them stripped (PNG, GIF, JPG).

1.5.3 – 2017-11-16

  • Fixed: 1.5.2 introduced an issue that can freeze the media library. This fixes that issue. Sorry!

1.5.2 – 2017-11-15

  • Changed: Tested with 4.9.0.
  • Fixed: Issue with SVGs when regenerating media.

1.5.1 – 2017-08-21

  • Fixed: PHP strict standards warning.

1.5.0 – 2017-06-20

  • Changed: Library update.
  • Changed: role, aria- and data- attributes are now whitelisted to improve accessibility.

1.4.5 – 2017-06-18

  • Changed: Library update.
  • Fixed: some issues with defining the size of an SVG.

1.4.4 – 2017-06-07

  • Fixed: SVGs now display as featured images in the admin area.

1.4.3 – 2017-03-06

  • Added: WordPress 4.7.3 Compatibility.
  • Changed: Expanded SVG previews in media library.

1.4.2 – 2017-02-26

  • Added: Check / fix for when mb_* functions are not available.

1.4.1 – 2017-02-23

  • Changed: Underlying library to allow attributes/tags in all case variations.

1.4.0 – 2017-02-21

  • Added: Ability to preview SVG on both grid and list view in the wp-admin media area
  • Changed: Underlying library version.

1.3.4 – 2017-02-20

  • Fixed: SVGZ uploads failing and not sanitising correctly.

1.3.3 – 2017-02-15

  • Changed: Allow SVGZ uploads.

1.3.2 – 2017-01-27

1.3.1 – 2016-12-01

  • Changed: Underlying library version.

1.3.0 – 2016-10-10

  • Changed: Minify SVGs after cleaning so they can be loaded correctly through file_get_contents.

1.2.0 – 2016-02-27

  • Added: Support for camel case attributes such as viewBox.

1.1.1 – 2016-07-06

  • Fixed: Issue with empty svg elements self-closing.

1.1.0 – 2015-07-04

  • Added: I18n.
  • Added: da, de ,en, es, fr, nl and ru translations.
  • Fixed: Issue with filename not being pulled over on failed uploads.

1.0.0 – 2015-07-03

  • Initial Release.