描述
Safe SVG is the best way to Allow SVG Uploads in WordPress!
It gives you the ability to allow SVG uploads whilst making sure that they’re sanitized to stop SVG/XML vulnerabilities affecting your site. It also gives you the ability to preview your uploaded SVGs in the media library in all views.
Current Features
- Sanitised SVGs – Don’t open up security holes in your WordPress site by allowing uploads of unsanitised files.
- SVGO Optimisation – Runs your SVGs through the SVGO tool on upload to save you space. This feature is disabled by default but can be enabled by adding the following code:
add_filter( 'safe_svg_optimizer_enabled', '__return_true' ); - View SVGs in the Media Library – Gone are the days of guessing which SVG is the correct one, we’ll enable SVG previews in the WordPress media library.
- Choose Who Can Upload – Restrict SVG uploads to certain users on your WordPress site or allow anyone to upload.
Initially a proof of concept for #24251.
SVG Sanitization is done through the following library: https://github.com/darylldoyle/svg-sanitizer.
SVG Optimization is done through the following library: https://github.com/svg/svgo.
区块
该插件提供了 1 个区块.
- Safe SVG Display the SVG icon
安装
Install through the WordPress directory or download, unzip and upload the files to your /wp-content/plugins/ directory
常见问题
-
Yes, this can be done using the
svg_allowed_attributesandsvg_allowed_tagsfilters.
They take one argument that must be returned. See below for examples:add_filter( 'svg_allowed_attributes', function ( $attributes ) { // Do what you want here... // This should return an array so add your attributes to // to the $attributes array before returning it. E.G. $attributes[] = 'target'; // This would allow the target="" attribute. return $attributes; } ); add_filter( 'svg_allowed_tags', function ( $tags ) { // Do what you want here... // This should return an array so add your tags to // to the $tags array before returning it. E.G. $tags[] = 'use'; // This would allow the <use> element. return $tags; } );
评价
2025 年 11 月 19 日
1 回复
Nice And Easy plugin for using SVG files
2025 年 6 月 21 日
1 回复
Would have given a 5 star, but it seems support is missing for the taxonomy / terms section (like in categories) upload for SVG images. Keep getting an error that the upload isn’t supported. Hopefully this will be fixed in a future update. Will update once this is added. Cheers!
2025 年 4 月 30 日
1 回复
Great plugin! very usefull, but please can you add the possibility to add an inline SVG on the block pasting svg code?
Thanks!
2025 年 3 月 25 日
1 回复
Thanks to the plugin developers. The plugin helped me solve my issue.
2024 年 11 月 14 日
1 回复
Thanks for creating this plugin!
2024 年 7 月 31 日
I didn’t look into it but this plugin caused my homepage in translations to take about 30 seconds to load, instead of 1-2. We use WPML. It was back to normal the moment I deleted the plugin.
贡献者及开发者
更新日志
2.4.0 – 2025-09-22
- Added: Ability to upload SVGs from more admin locations (props @stormrockwell, @darylldoyle, @wpexplorer, @smerriman, @jeffpaul, @dkotter via #279).
- Changed: Added
$attachment_idargument to filterssafe_svg_use_width_height_attributesandsafe_svg_dimensions(props @roborourke, @dkotter via #278). - Fixed: Inconsistent or incorrect data type for
$svgargument in the filterssafe_svg_use_width_height_attributesandsafe_svg_dimensions(props @roborourke, @dkotter via #278).
2.3.3 – 2025-08-13
- Security: Update the
enshrined/svg-sanitizepackage from0.19.0to0.22.0to fix an issue with case-insensitive attributes slipping through the sanitiser and address PHP 8.4 deprecation warnings (props @darylldoyle, @sudar, @georgestephanis, @dkotter, @realazizk via #268, #272). - Security: Bump
form-datafrom 4.0.0 to 4.0.4 (props @dependabot, @faisal-alvi via #270). - Security: Bump
tmpfrom 0.2.3 to 0.2.5 and@inquirer/editorfrom 4.2.9 to 4.2.16 (props @dependabot, @dkotter via #271).
2.3.2 – 2025-07-21
- Fixed: Visual parity between the front end and the block editor (props @s3rgiosan, @dkotter via #261, #266).
- Changed: Bump WordPress “tested up to” version 6.8 (props @godleman, @jeffpaul, @dkotter via #251, #254).
- Changed: Bump WordPress minimum supported version to 6.6 (props @godleman, @jeffpaul, @dkotter via #254).
- Security: Bump
wsfrom 7.5.10 to 8.18.0,@wordpress/scriptsfrom 27.9.0 to 30.6.0,nanoidfrom 3.3.7 to 3.3.8 andmochafrom 10.2.0 to 11.0.1 (props @dependabot, @peterwilsoncc via #245). - Security: Bump
@babel/runtimefrom 7.23.9 to 7.27.0,axiosfrom 1.7.4 to 1.8.4,cookiefrom 0.4.2 to 0.7.1,expressfrom 4.21.0 to 4.21.2 and@wordpress/e2e-test-utils-playwrightfrom 0.26.0 to 1.20.0 (props @dependabot, @dkotter via #250). - Security: Bump
http-proxy-middlewarefrom 2.0.6 to 2.0.9 (props @dependabot, @iamdharmesh via #253). - Security: Bump
tar-fsfrom 3.0.8 to 3.0.9 (props @dependabot, @dkotter via #258). - Security: Bump
bytesfrom 3.0.0 to 3.1.2 andcompressionfrom 1.7.4 to 1.8.1 (props @dependabot, @dkotter via #265).
2.3.1 – 2024-12-05
- Fixed: Revert changes made to how we determine custom dimensions for SVGs (props @dkotter, @martinpl, @subfighter3, @smerriman, @gigatyrant, @jeffpaul, @iamdharmesh via #238).
2.3.0 – 2024-11-25
- Added: New setting that allows large SVG files (roughly 10MB or greater) to be uploaded and sanitized properly (props @kirtangajjar, @faisal-alvi, @darylldoyle, @manojsiddoji, @dkotter via #201).
- Added: New
get_svg_dimensionsfunction in order to reduce code duplication (props @gabriel-glo, @jeremymoore, @darylldoyle, @iamdharmesh, @dkotter via #216). - Changed: Updated the
enshrined/svg-sanitizepackage from 0.16.0 to 0.19.0 to fix a PHP 8.3 compatibility issue (props @sksaju, @TylerB24890, @darylldoyle, @rolf-yoast, @faisal-alvi via #214). - Changed: Update how image dimensions are passed in
get_image_tag_overrideandone_pixel_fixmethods (props @gabriel-glo, @jeremymoore, @darylldoyle, @iamdharmesh, @dkotter via #216). - Changed: Bump WordPress “tested up to” version to 6.7 (props @colinswinney, @jeffpaul via #232, #233).
- Changed: Bump WordPress minimum from 6.4 to 6.5 (props @colinswinney, @jeffpaul via #232, #233).
- Changed: Remove composer dev dependencies from archived project (props @TylerB24890, @szepeviktor, @peterwilsoncc via #220).
- Fixed: Use proper block category for the Safe SVG Icon block (props @kirtangajjar, @fabiankaegy via #226).
- Security: Only allow SVG file types to be uploaded if our sanitizer is able to run on those files (props @darylldoyle, @xknown, @dkotter via #228).
- Security: Bump
webpackfrom 5.90.1 to 5.94.0 (props @dependabot, @peterwilsoncc via #222). - Security: Bump
wsfrom 7.5.10 to 8.18.0,serve-staticfrom 1.15.0 to 1.16.2 andexpressfrom 4.19.2 to 4.21.0 (props @dependabot, @Sidsector9, @faisal-alvi via #227, #230, #234).
2.2.6 – 2024-08-28
- Changed: Bump WordPress “tested up to” version to 6.6 (props @sudip-md, @ankitguptaindia, @jeffpaul via #212, #213).
- Changed: Bump WordPress minimum from 5.7 to 6.4 (props @sudip-md, @ankitguptaindia, @jeffpaul via #212, #213).
- Security: Add svg sanitization on the
wp_handle_sideload_prefilterfilter (props @dkotter, @xknown, @iamdharmesh via GHSA-3vr7-86pg-hf4g). - Security: Bump
bracesfrom 3.0.2 to 3.0.3,pac-resolverfrom 7.0.0 to 7.0.1,socksfrom 2.7.1 to 2.8.3,wsfrom 7.5.9 to 7.5.10 and removeip(props @dependabot, @Sidsector9 via #206). - Security: Bump
axiosfrom 1.6.7 to 1.7.4 (props @dependabot, @faisal-alvi via #218).