WordPress.org

Make WordPress Core

Opened 9 months ago

Closed 9 months ago

#46636 closed defect (bug) (duplicate)

Error for SVG

Reported by: prajakta gadhave Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: General Keywords: needs-patch
Focuses: Cc:
PR Number:

Description

Hello,

I am one of the developer of Ultimate addons for Gutenberg.

We use the SVG icon for some of our blocks. If we create a block using the admin role then everything works fine. But the same block using the author role throws an error for SVG.

Here is the error we get after save - Block validation: Expected token of type StartTag({type: "StartTag", tagName: "svg", attributes: Array(2), selfClosing: false}), instead sawEndTag ({type: "EndTag", tagName: "div"}).

Can you please let me know what is the solution for this? Why SVG is not acceptable in save block if the user role is Author?

Thank you!

Regards,
Prajakta Gadhave.

Change History (1)

#1 @swissspidy
9 months ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

The original report for reference: https://github.com/WordPress/gutenberg/issues/14610

By default, users without the unfiltered_html capability are not allowed to upload SVG files for security reaons, and it seems the same applies to manually adding svg elements in post content. SVGs can contain malicious JavaScript, and it's not trivial to sanitize them. There are plugins that utilize dedicated libraries for this.

For your block you could think about rendering them in PHP using render_callback instead of saving any SVG directly.

Apart from that, we are tracking SVG support in core in #24251, so I am closing this ticket here as a duplicate in order to keep discussion at one place.

Note: See TracTickets for help on using tickets.