- Issue created by @amaloisel
- First commit to issue fork.
- Merge request !45: Issue #3487020 by mably: XSS validation on upload and not only display (Open), created by mably
- 🇫🇷 France mably
Looks like it could be done with a simple hook_file_insert():

```php
use Drupal\file\FileInterface;
use enshrined\svgSanitize\Sanitizer;

/**
 * Implements hook_file_insert().
 */
function svg_image_file_insert(FileInterface $file) {
  $fileUri = $file->getFileUri();
  if (file_exists($fileUri) && $file->getMimeType() === 'image/svg+xml') {
    // Make sure that the SVG file is safe.
    $rawSvg = file_get_contents($fileUri);
    $sanitizedSvg = (new Sanitizer())->sanitize($rawSvg);
    file_put_contents($fileUri, $sanitizedSvg);
  }
}
```
Created MR, please review.
- 🇫🇷 France amaloisel
Thank you @mably! That is what I had in mind as well but no time yet to manage it.
- 🇺🇸 United States greggles Denver, Colorado, USA
This seems like a highly valuable feature before Drupal CMS 1.0 ships, so bumping priority.