Make WordPress Core

Opened 5 years ago

Closed 5 years ago

#46636 closed defect (bug) (duplicate)

Error for SVG

Reported by: prajakta-gadhave's profile prajakta gadhave Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: General Keywords: needs-patch
Focuses: Cc:



I am one of the developer of Ultimate addons for Gutenberg.

We use the SVG icon for some of our blocks. If we create a block using the admin role then everything works fine. But the same block using the author role throws an error for SVG.

Here is the error we get after save - Block validation: Expected token of type StartTag({type: "StartTag", tagName: "svg", attributes: Array(2), selfClosing: false}), instead sawEndTag ({type: "EndTag", tagName: "div"}).

Can you please let me know what is the solution for this? Why SVG is not acceptable in save block if the user role is Author?

Thank you!

Prajakta Gadhave.

Change History (1)

#1 @swissspidy
5 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

The original report for reference:

By default, users without the unfiltered_html capability are not allowed to upload SVG files for security reaons, and it seems the same applies to manually adding svg elements in post content. SVGs can contain malicious JavaScript, and it's not trivial to sanitize them. There are plugins that utilize dedicated libraries for this.

For your block you could think about rendering them in PHP using render_callback instead of saving any SVG directly.

Apart from that, we are tracking SVG support in core in #24251, so I am closing this ticket here as a duplicate in order to keep discussion at one place.

Note: See TracTickets for help on using tickets.