[wp-trac] [WordPress Trac] #63149: safecss_filter_attr does not support base64 SVG image in background-image.
WordPress Trac
noreply at wordpress.org
Sat Mar 22 21:31:44 UTC 2025
#63149: safecss_filter_attr does not support base64 SVG image in background-image.
--------------------------+-----------------------------
Reporter: jamal59 | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: 6.7.2
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
Hi,
I want to use "base64 SVG image" as background-image but the function does
not work properly.
{{{#!php
<?php
$css = "background-image:
url('data:image/svg+xml;base64,PHN2ZyB2aWV3Qm94PSIwIDAgNDggNDgiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+PGNpcmNsZSBmaWxsPSIjMDBmIiBjeD0iMjQiIGN5PSIyNCIgcj0iMTUiLz48L3N2Zz4='),
url('data:image/svg+xml;base64,PHN2ZyB2aWV3Qm94PSIwIDAgNDggNDgiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+PHJlY3QgZmlsbD0iI2YwMCIgd2lkdGg9IjQ4IiBoZWlnaHQ9IjQ4IiAvPjwvc3ZnPgo=')";
echo '<span style="' . safecss_filter_attr( $css ) . '"></span>';
//output: <span style="background-image: url('data:image/svg+xml"></span>
}}}
The following codes are used in the **safecss_filter_attr** function to
break the CSS, but **because base64 uses two characters ":" and ";"** the
function does not work properly.
data:image/svg+xml;base64,PHN...
{{{#!php
<?php
$css_array = explode( ';', trim( $css ) );
.
.
.
if ( ! str_contains( $css_item, ':' ) ) {
$found = true;
} else {
$parts = explode( ':', $css_item, 2 );
}}}
regards
--
Ticket URL: <https://core.trac.wordpress.org/ticket/63149>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list