[wp-trac] [WordPress Trac] #24251: Reconsider SVG inclusion to get_allowed_mime_types
WordPress Trac
noreply at wordpress.org
Tue Dec 30 09:36:17 UTC 2025
#24251: Reconsider SVG inclusion to get_allowed_mime_types
-------------------------------+------------------------------
Reporter: JustinSainton | Owner: (none)
Type: enhancement | Status: reopened
Priority: normal | Milestone: Awaiting Review
Component: Upload | Version:
Severity: normal | Resolution:
Keywords: early 2nd-opinion | Focuses:
-------------------------------+------------------------------
Comment (by huubl):
Maybe consider a 'deny-first' validation as the [https://github.com/roots
/allow-svg roots/allow-svg] plugin uses: it rejects SVGs with unsafe
content outright instead of trying to sanitize them, which is simpler and
avoids the complexity and potential gaps of sanitization logic that tries
to clean every file.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/24251#comment:110>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list