- Issue created by @amaloisel
- First commit to issue fork.
- Merge request !45: Issue #3487020 by mably: XSS validation on upload and not only display → (Open) created by mably
- 🇫🇷France mably
Looks like it could be done with a simple `hook_file_insert()`:

```php
use Drupal\file\FileInterface;
use enshrined\svgSanitize\Sanitizer;

/**
 * Implements hook_file_insert().
 */
function svg_image_file_insert(FileInterface $file) {
  $fileUri = $file->getFileUri();
  // Only touch files that exist on disk and are declared as SVG.
  if (file_exists($fileUri) && $file->getMimeType() === 'image/svg+xml') {
    // Make sure that the SVG file is safe.
    $rawSvg = file_get_contents($fileUri);
    $sanitizedSvg = (new Sanitizer())->sanitize($rawSvg);
    // Overwrite the stored upload with the sanitized markup.
    file_put_contents($fileUri, $sanitizedSvg);
  }
}
```
Created MR, please review.
- 🇫🇷France amaloisel
Thank you @mably! That is what I had in mind as well, but I have not had time yet to manage it.
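
An added example, not part of the merge request or the module's code: a fail-closed version of the in-place sanitization step used in the hook above, run as a stand-alone script. It assumes the `enshrined/svg-sanitize` Composer package is installed next to the script and that its `sanitize()` returns `false` for input it cannot parse; the helper name and the two sample files are constructed for illustration.

```php
<?php
// Assumption: `composer require enshrined/svg-sanitize` was run in this directory.
require __DIR__ . '/vendor/autoload.php';

use enshrined\svgSanitize\Sanitizer;

/**
 * Sanitizes an SVG file in place (hypothetical helper, not a Drupal API).
 *
 * Returns TRUE when the file on disk now holds sanitized markup, FALSE when
 * the caller should reject or delete the upload.
 */
function example_sanitize_svg_in_place(string $uri): bool {
  $raw = @file_get_contents($uri);
  if ($raw === false) {
    return false;
  }
  $clean = (new Sanitizer())->sanitize($raw);
  // A FALSE result passed straight to file_put_contents() would silently
  // leave an empty file behind, so treat it as a rejection instead.
  if ($clean === false || trim($clean) === '') {
    return false;
  }
  // Write to a sibling file first so a failed write never truncates the upload.
  $tmp = $uri . '.sanitizing';
  if (file_put_contents($tmp, $clean) === false || !rename($tmp, $uri)) {
    @unlink($tmp);
    return false;
  }
  return true;
}

// Constructed sample inputs: one SVG carrying script content, one malformed.
$samples = [
  'scripted.svg' => '<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)">'
    . '<script>alert(1)</script><rect width="10" height="10"/></svg>',
  'broken.svg' => '<svg><rect',
];
foreach ($samples as $name => $svg) {
  $path = sys_get_temp_dir() . '/' . $name;
  file_put_contents($path, $svg);
  $ok = example_sanitize_svg_in_place($path);
  echo $name, ': ', $ok ? 'sanitized' : 'rejected', PHP_EOL;
  if ($ok) {
    // Show what is actually stored after sanitization.
    echo file_get_contents($path), PHP_EOL;
  }
}
```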