security - Why does Wordpress not permit svg image files by default? -


why can't upload svg image files wordpress(4.2.2) default? when try message:

sorry, file type not permitted security reasons.

i know problem has been around while, , i've used solution in past, https://css-tricks.com/snippets/wordpress/allow-svg-through-wordpress-media-uploader/, :

function cc_mime_types($mimes) {   $mimes['svg'] = 'image/svg+xml';   return $mimes; } add_filter('upload_mimes', 'cc_mime_types'); 

but security implications of allowing behaviour , why has been disabled default?

svg files rich in contain xml , javascript. such, processing of these files riskier processing simpler image formats.


Comments

Popular posts from this blog

twig - Using Twigbridge in a Laravel 5.1 Package -

jdbc - Not able to establish database connection in eclipse -

firemonkey - How do I make a beep sound in Android using Delphi and the API? -