svg image support

    App
    WoltLab Suite Forum

    As many of you maybe aware more and more displays render in full 1080 high definition including Apple retina display and in the rare occasion 4k display. Now the one image format that renders this without issue on all displays and on all resolutions is SVG.


    Currently I can hostlink such a photo (which great). But I cannot at the moment upload one. Tried via the demo as well.


    [Blocked Image: http://cdn.sociallyuncensored.com/blacklogo.svg]

    Having users upload SVG is a bad idea, since SVG can contain JS and therefore SVGs are susceptible to XSS attacks and more.

    "A life is like a garden. Perfect moments can be had, but not preserved, except in memory. LLAP" — Leonard Nimoy

    Like 1
    Quote from Netzwerg

    Having users upload SVG is a bad idea, since SVG can contain JS and therefore SVGs are susceptible to XSS attacks and more.


    So can a jpg file (contain executable code).


    If you may recall Microsoft a few years back released several security updates concerning that. Most browsers have that fix as well. But we all don't abandon jpg files, now do we?


    However, I am open to suggestion to an alternative format that perhaps I am unaware of?

    I didn't mean that I am against this feature request. I only wanted to highlight that there is currently no sanitizing that i am aware of in WCF that protects you from those attacks, and that therefore allowing users to upload SVGs in current WCF installations as suggested by @Black Rider poses a potential security risk.

    "A life is like a garden. Perfect moments can be had, but not preserved, except in memory. LLAP" — Leonard Nimoy

Participate now!

Don’t have an account yet? Register yourself now and be a part of our community!

Register Yourself Login