Descrizione
Safe SVG è il miglior modo per autorizzare il caricamento di file SVG in WordPress!
Ti permette di abilitare il caricamento di file SVG, assicurandosi al tempo stesso che vengano sanificati per fermare le vulnerabilità SVG/XML che potrebbero colpire il tuo sito. Ti permette anche di visualizzare anteprime degli SVG caricati nella libreria dei media in tutte le modalità di visualizzazione.
Funzionalità attuali
- SVG sanificati – Non aprire falle di sicurezza nel tuo sito WordPress consentendo il caricamento di file non sanificati.
- SVGO Optimisation – Runs your SVGs through the SVGO tool on upload to save you space. This feature is disabled by default but can be enabled by adding the following code:
add_filter( 'safe_svg_optimizer_enabled', '__return_true' );
- Visualizza gli SVG nella libreria dei media – I giorni in cui dovevi indovinare quale SVG fosse quello giusto sono finiti, abiliteremo le anteprime SVG nella libreria dei media di WordPress.
- Scegli chi è autorizzato a caricare – Restringi il caricamento di SVG ad alcuni utenti sul tuo sito WordPress o permetteti a tutti di caricarli.
Inizialmente una prova di fattibilità per #24251.
La sanificazione dei file SVG è realizzata attraverso la seguente libreria: https://github.com/darylldoyle/svg-sanitizer.
L’ottimizzazione dei file SVG è realizzata attraverso la seguente libreria: https://github.com/svg/svgo.
Blocchi
Questo plugin fornisce 1 blocco.
- Safe SVG Display the SVG icon
Installazione
Installa attraverso la directory di WordPress o scarica, decomprimi e carica i file nella tua directory /wp-content/plugins/
FAQ
-
Sì, questo può essere fatto usando i filtri
svg_allowed_attributes
esvg_allowed_tags
.
Accettano un argomento che deve essere restituito. Vedi più sotto per degli esempi:add_filter( 'svg_allowed_attributes', function ( $attributes ) { // Do what you want here... // This should return an array so add your attributes to // to the $attributes array before returning it. E.G. $attributes[] = 'target'; // This would allow the target="" attribute. return $attributes; } ); add_filter( 'svg_allowed_tags', function ( $tags ) { // Do what you want here... // This should return an array so add your tags to // to the $tags array before returning it. E.G. $tags[] = 'use'; // This would allow the <use> element. return $tags; } );
Recensioni
Contributi e sviluppo
“Safe SVG” è un software open source. Le persone che hanno contribuito allo sviluppo di questo plugin sono indicate di seguito.
Collaboratori“Safe SVG” è stato tradotto in 22 lingue. Grazie ai traduttori per i loro contributi.
Traduci “Safe SVG” nella tua lingua.
Ti interessa lo sviluppo?
Esplora il codice segui il repository SVN, segui il log delle modifiche tramite RSS.
Changelog (registro delle modifiche)
2.2.4 – 2024-03-28
- Changed: Upgrade the
download-artifact
from v3 to v4 (props @iamdharmesh, @jeffpaul via #181). - Changed: Replaced
lee-dohm/no-response
withactions/stale
to help with closing no-response/stale issues (props @jeffpaul, @dkotter via #183). - Fixed: Ensure the svg file can be loaded before we try accessing it’s attributes (props @dkotter, @metashield-ie, @ocean90, @darylldoyle, @faisal-alvi via #186).
- Fixed: Ensure we don’t throw JS errors in the Classic Editor when the optimizer feature is turned on (props @dkotter, @turtlepod, @faisal-alvi via #187).
- Security: Bump
webpack-dev-middleware
from 5.3.3 to 5.3.4 (props @dependabot, @dkotter via #185). - Security: Bump
express
from 4.18.2 to 4.19.2 (props @dependabot, @dkotter via #188).
2.2.3 – 2024-03-20
- Added: Support for the WordPress.org plugin preview (props @dkotter, @jeffpaul via #167).
- Changed: Bump WordPress “tested up to” version 6.5 (props @dkotter, @jeffpaul via #180).
- Changed: Clean up NPM dependencies and update node to v20 (props @Sidsector9, @dkotter via #172).
- Fixed: Refactor the
svg_dimensions
function to be more performant (props @sksaju, @cjyabraham, @bmarshall511, @Hercilio1, @darylldoyle via #154, #174). - Fixed: Address fatal JS error when optimization is enabled and an item is published without blocks (props @psorensen, @tictag, @dkotter via #173).
- Security: Bump
axios
from 0.25.0 to 1.6.2 and@wordpress/scripts
from 26.0.0 to 26.18.0 (props @dependabot, @ravinderk via #166). - Security: Bump
follow-redirects
from 1.15.3 to 1.15.6 andip
from 1.1.8 to 1.1.9 (props @dependabot, @dkotter via #169, #177).
2.2.2 – 2023-11-21
- Changed: Bump WordPress “tested up to” version 6.4 (props @qasumitbagthariya, @jeffpaul via #162, #163).
- Fixed: Ensure CSS applies properly to the SVG Icon block when added via
theme.json
(props @tobeycodes, @dkotter via #161).
2.2.1 – 2023-10-23
- Changed: Update to
apiVersion
3 for our SVG Icon block (props @fabiankaegy, @ravinderk, @jeffpaul, @dkotter via #133). - Fixed: Address an error due to the SVG Icon block using the
fill-rule
attribute (props @zamanq, @jeffpaul, @iamdharmesh via #152). - Security: Bump
postcss
from 8.4.20 to 8.4.31 (props @dependabot, @faisal-alvi via #155). - Security: Bump
@cypress/request
from 2.88.12 to 3.0.1 andcypress
from 10.11.0 to 13.3.0 (props @dependabot, @ravinderk via #156). - Security: Bump
@babel/traverse
from 7.20.12 to 7.23.2 (props @dependabot, @iamdharmesh via #158).
2.2.0 – 2023-08-21
- Added: New settings that give the ability to select which user roles can upload SVG files (props @dhanendran, @csloisel, @faisal-alvi, @dkotter via #76).
- Added: SVG optimization during upload via SVGO. Feature is disabled by default but can be enabled using the
safe_svg_optimizer_enabled
filter (props @gsarig, @peterwilsoncc, @Sidsector9, @darylldoyle, @faisal-alvi, @dkotter, @ravinderk via #79, #145). - Added: Spacing and color controls added to SVG block (props @bmarshall511, @iamdharmesh via #135).
- Added: Mochawesome reporter added for Cypress test report (props @jayedul, @peterwilsoncc via #124).
- Changed: Update Support Level from
Active
toStable
(props @Sidsector9, @iamdharmesh via #100). - Changed: Update name of SVG block from Safe SVG Icon to Inline SVG (props @bmarshall511, @iamdharmesh via #135).
- Changed: Bump WordPress “tested up to” version 6.3 (props @dkotter, @jeffpaul via #144).
- Changed: Update the Dependency Review GitHub Action (props @jeffpaul, @Sidsector9 via #128).
- Fixed: Add namespace to the
class_exists
check (props @szepeviktor, @iamdharmesh via #120). - Fixed: Ensure Sanitizer class is properly imported (props @szepeviktor, @iamdharmesh via #121).
- Fixed: Remove an unneeded global (props @szepeviktor, @iamdharmesh via #122).
- Fixed: Use absolute path in require (props @szepeviktor, @iamdharmesh via #123).
- Fixed: Ensure custom classname added to SVG block is output on the front-end (props @bmarshall511, @Sidsector9, @dkotter via #130).
- Fixed: Ensure
SimpleXML
exists before using it (props @sdmtt, @faisal-alvi via #140). - Fixed: Fix markdown issues in the readme (props @szepeviktor, @iamdharmesh via #119).
- Security: Bump
semver
from 5.7.1 to 5.7.2 (props @dependabot via #134). - Security: Bump
word-wrap
from 1.2.3 to 1.2.5 (props @dependabot via #141). - Security: Bump
tough-cookie
from 4.1.2 to 4.1.3 and@cypress/request
from 2.88.10 to 2.88.12 (props @dependabot via #146).
2.1.1 – 2023-04-05
- Changed: Upgrade
@wordpress
npm package dependencies (props @ggutenberg, @Sidsector9 via #108). - Changed: Bump WordPress “tested up to” version 6.2 (props @ggutenberg, @Sidsector9 via #108).
- Changed: Run our E2E tests on the zip generated by “Build release zip” action (props @jayedul, @dkotter via #106).
- Fixed: Only load our block CSS if a page has the SVG block in it and remove an extra slash in the CSS file path. Remove an unneeded JS block file (props @dkotter, @freinbichler, @IanDelMar, @ocean90, @Sidsector9 via #112).
- Fixed: Better error handling for environments that don’t match our minimum PHP version (props @dkotter, @ravinderk via #111).
2.1.0 – 2023-03-22
- Added: An SVG Gutenberg Block (props @faisal-alvi, @Sidsector9, @cr0ybot, @darylldoyle, @cbirdsong, @jeffpaul via #80).
- Added: “Build release zip” GitHub Action (props @iamdharmesh, @dkotter, @faisal-alvi via #87).
- Changed: Bump minimum PHP version from 7.0 to 7.4 (props @iamdharmesh, @peterwilsoncc, @vikrampm1 via #82).
- Changed: Bump minimum WordPress version from 4.7 to 5.7 (props @iamdharmesh, @peterwilsoncc, @vikrampm1 via #82).
- Changed: Bump WordPress “tested up to” version 6.1 (props @iamdharmesh, @peterwilsoncc via #85).
- Security: Updates the underlying sanitisation library to pull in a security fix (props @darylldoyle, @faisal-alvi, @Cyxow via #105).
- Security: Bump
got
from 10.7.0 to 11.8.5 (props @dependabot via #83). - Security: Bump
@wordpress/env from
4.9.0 to 5.6.0 (props @dependabot via #83). - Security: Bump
simple-git
from 3.9.0 to 3.16.0 (props @dependabot via #88, #99). - Security: Bump
loader-utils
from 2.0.2 to 2.0.4 (props @dependabot via #92). - Security: Bump
json5
from 1.0.1 to 1.0.2 (props @dependabot via #91). - Security: Bump
decode-uri-component
from 0.2.0 to 0.2.2 (props @dependabot via #93). - Security: Bump
markdown-it
from 12.0.4 to 12.3.2 (props @dependabot, @peterwilsoncc via #94). - Security: Bump
@wordpress/scripts
from 19.2.4 to 25.1.0 (props @dependabot, @peterwilsoncc via #94). - Security: Bump
http-cache-semantics
from 4.1.0 to 4.1.1 (props @dependabot, @peterwilsoncc via #101). - Security: Bump
webpack
from 5.75.0 to 5.76.1 (props @dependabot, @faisal-alvi via #103). - Security: Bump
svg-sanitizer
from 0.15.2 to 0.16.0 (props @darylldoyle, @faisal-alvi, @Cyxow via #105).
Earlier versions
For the changelog of earlier versions, please refer to the changelog on github.com.