Allow SVGs in the Image Uploader
Forum Index > Core > Suggestions > Rejected >
If you don't know what an SVG is, Google it, I'm not gonna try to explain it here. :P
I believe that SVG files should be permitted in the Image Uploader. Though they would likely be utilized by relatively few, the addition of SVG to the uploaded would bring along no negatives that come to mind.
However, I feel that they are likely not included due to being XML rather than a raw image, though aye, it's an image, I feel like there's gotta be some way to make it work. :P
The biggest issue I have at the moment is that SVGs are powerful. Too powerful.
I mean, you can put <script> tags in there and do crazy stuff... like the Pokéwalker (that's just one SVG file :D)
While most browsers support the Content-Security-Policy header, and using SVG in an <img> tag does prevent execution of scripts, I'd rather not open the door to uploading stuff that can be used to trick people into opening the image in an insecure browser, which could lead to security risks.
Sorry!
Cannot post: Please log in to post