Why does Wordpress not permit svg image files by default?

4
votes

Why can't I upload SVG image files to Wordpress(4.2.2) by default? when you try you get the message:

Sorry, this file type is not permitted for security reasons.

I know this problem has been around for a while, and I've used this solution in the past, from https://css-tricks.com/snippets/wordpress/allow-svg-through-wordpress-media-uploader/, :

function cc_mime_types($mimes) {
  $mimes['svg'] = 'image/svg+xml';
  return $mimes;
}
add_filter('upload_mimes', 'cc_mime_types');

But what are the security implications of allowing this behaviour and why has it been disabled by default?

2
wordpresssecuritysvg

2 Answers

2
votes

SVG files are fairly rich in that they contain XML and even JavaScript. As such, the processing of these files is riskier than processing simpler image formats.

-2
votes

SVG image type not showing in wordpress

function my_media_types($media_types){
    $media_types['svg'] = 'image/svg+xml'; 
    $media_types['psd'] = 'image/vnd.adobe.photoshop'; 
    return $media_types;
}
add_filter('upload_mimes', 'my_media_types', 1, 1);

by defalut wordpress not support svg because svg conveted to xml file when you can set .svg image than it's all data as a xml format for security reason wordpress not allow by defalut svg or site hacked by xml file because xml show all data