{"id":22281984,"url":"https://github.com/10up/safe-svg","last_synced_at":"2025-05-14T18:07:40.030Z","repository":{"id":38329733,"uuid":"134012236","full_name":"10up/safe-svg","owner":"10up","description":"Enable SVG uploads and sanitize them to stop XML/SVG vulnerabilities in your WordPress website.","archived":false,"fork":false,"pushed_at":"2025-04-23T17:11:56.000Z","size":4280,"stargazers_count":300,"open_issues_count":21,"forks_count":34,"subscribers_count":49,"default_branch":"develop","last_synced_at":"2025-05-08T03:37:05.407Z","etag":null,"topics":["file","graphic","hacktoberfest","image","media","mime","sanitize","security","svg","svg-upload","upload","vector","wordpress"],"latest_commit_sha":null,"homepage":"https://wordpress.org/plugins/safe-svg/","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/10up.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.md","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-05-18T23:13:04.000Z","updated_at":"2025-05-02T06:56:35.000Z","dependencies_parsed_at":"2023-10-23T19:35:43.479Z","dependency_job_id":"2ba32591-6a2c-45a9-b56b-5ff7673a0ce5","html_url":"https://github.com/10up/safe-svg","commit_stats":{"total_commits":386,"total_committers":38,"mean_commits":"10.157894736842104","dds":0.7927461139896373,"last_synced_commit":"cec1bc7d2329e998f6bf8acf967c1acea93267a0"},"previous_names":[],"tags_count":28,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/10up%2Fsafe-svg","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/10up%2Fsafe-svg/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/10up%2Fsafe-svg/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/10up%2Fsafe-svg/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/10up","download_url":"https://codeload.github.com/10up/safe-svg/tar.gz/refs/heads/develop","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254198514,"owners_count":22030966,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["file","graphic","hacktoberfest","image","media","mime","sanitize","security","svg","svg-upload","upload","vector","wordpress"],"created_at":"2024-12-03T16:24:17.214Z","updated_at":"2025-05-14T18:07:35.021Z","avatar_url":"https://github.com/10up.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Safe SVG\n\n![Safe SVG](https://github.com/10up/safe-svg/blob/develop/.wordpress-org/banner-1544x500.png)\n\n[![Support Level](https://img.shields.io/badge/support-stable-blue.svg)](#support-level) ![Required PHP Version](https://img.shields.io/wordpress/plugin/required-php/safe-svg?label=Requires%20PHP) ![Required WP Version](https://img.shields.io/wordpress/plugin/wp-version/safe-svg?label=Requires%20WordPress) ![WordPress tested up to version](https://img.shields.io/wordpress/plugin/tested/safe-svg?label=WordPress) [![GPL-2.0-or-later License](https://img.shields.io/github/license/10up/safe-svg.svg)](https://github.com/10up/safe-svg/blob/develop/LICENSE.md) [![Dependency Review](https://github.com/10up/safe-svg/actions/workflows/dependency-review.yml/badge.svg)](https://github.com/10up/safe-svg/actions/workflows/dependency-review.yml) [![E2E test](https://github.com/10up/safe-svg/actions/workflows/cypress.yml/badge.svg)](https://github.com/10up/safe-svg/actions/workflows/cypress.yml) [![PHP Compatibility](https://github.com/10up/safe-svg/actions/workflows/php-compatibility.yml/badge.svg)](https://github.com/10up/safe-svg/actions/workflows/php-compatibility.yml) [![PHPCS](https://github.com/10up/safe-svg/actions/workflows/phpcs.yml/badge.svg)](https://github.com/10up/safe-svg/actions/workflows/phpcs.yml) [![PHPUnit](https://github.com/10up/safe-svg/actions/workflows/phpunit.yml/badge.svg)](https://github.com/10up/safe-svg/actions/workflows/phpunit.yml) [![CodeQL](https://github.com/10up/safe-svg/actions/workflows/github-code-scanning/codeql/badge.svg)](https://github.com/10up/safe-svg/actions/workflows/github-code-scanning/codeql) [![WordPress Playground Demo](https://img.shields.io/wordpress/plugin/v/safe-svg?logo=wordpress\u0026logoColor=FFFFFF\u0026label=Playground%20Demo\u0026labelColor=3858E9\u0026color=3858E9)](https://playground.wordpress.net/?blueprint-url=https://raw.githubusercontent.com/10up/safe-svg/update/badges/.wordpress-org/blueprints/blueprint.json)\n\n\u003e Enable SVG uploads and sanitize them to stop XML/SVG vulnerabilities in your WordPress website.\n\n## Overview\n\nSafe SVG is the best way to Allow SVG Uploads in WordPress!\n\nIt gives you the ability to allow SVG uploads whilst making sure that they're sanitized to stop SVG/XML vulnerabilities affecting your site.  It also gives you the ability to preview your uploaded SVGs in the media library in all views.\n\n### Current Features\n\n* **Sanitised SVGs** - Don't open up security holes in your WordPress site by allowing uploads of unsanitised files.\n* **SVGO Optimisation** - Runs your SVGs through the SVGO tool on upload to save you space. This feature is disabled by default but can be enabled by adding the following code: `add_filter( 'safe_svg_optimizer_enabled', '__return_true' );`\n* **View SVGs in the Media Library** - Gone are the days of guessing which SVG is the correct one, we'll enable SVG previews in the WordPress media library.\n* **Choose Who Can Upload** - Restrict SVG uploads to certain users on your WordPress site or allow anyone to upload.\n\nInitially a proof of concept for [#24251](https://core.trac.wordpress.org/ticket/24251).\n\nSVG Sanitization is done through the following library: [https://github.com/darylldoyle/svg-sanitizer](https://github.com/darylldoyle/svg-sanitizer).\n\nSVG Optimization is done through the following library: [https://github.com/svg/svgo](https://github.com/svg/svgo).\n\n## Requirements\n\n* PHP 7.4+\n* [WordPress](http://wordpress.org/) 6.6+\n\n## Installation\n\nInstall through the WordPress directory or download, unzip and upload the files to your `/wp-content/plugins/` directory.\n\n## Frequently Asked Questions\n\n### Can we change the allowed attributes and tags?\n\nYes, this can be done using the `svg_allowed_attributes` and `svg_allowed_tags` filters.\nThey take one argument that must be returned. See below for examples:\n\n```php\nadd_filter( 'svg_allowed_attributes', function ( $attributes ) {\n\n    // Do what you want here...\n\n    // This should return an array so add your attributes to\n    // to the $attributes array before returning it. E.G.\n\n    $attributes[] = 'target'; // This would allow the target=\"\" attribute.\n\n    return $attributes;\n} );\n\n\nadd_filter( 'svg_allowed_tags', function ( $tags ) {\n\n    // Do what you want here...\n\n    // This should return an array so add your tags to\n    // to the $tags array before returning it. E.G.\n\n    $tags[] = 'use'; // This would allow the \u003cuse\u003e element.\n\n    return $tags;\n} );\n```\n\n## Support Level\n\n**Stable:** 10up is not planning to develop any new features for this, but will still respond to bug reports and security concerns. We welcome PRs, but any that include new features should be small and easy to integrate and should not include breaking changes. We otherwise intend to keep this tested up to the most recent version of WordPress.\n\n## Changelog\n\nA complete listing of all notable changes to Safe SVG are documented in [CHANGELOG.md](CHANGELOG.md).\n\n## Contributing\n\nPlease read [CODE_OF_CONDUCT.md](CODE_OF_CONDUCT.md) for details on our code of conduct,\n[CONTRIBUTING.md](CONTRIBUTING.md) for details on the process for submitting pull requests to us,\nand [CREDITS.md](CREDITS.md) for a listing of maintainers of, contributors to, and libraries used by Safe SVG.\n\n## Like what you see?\n\n\u003ca href=\"http://10up.com/contact/\"\u003e\u003cimg src=\"https://10up.com/uploads/2016/10/10up-Github-Banner.png\" width=\"850\" alt=\"Work with us at 10up\"\u003e\u003c/a\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F10up%2Fsafe-svg","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F10up%2Fsafe-svg","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F10up%2Fsafe-svg/lists"}