SVG compatibility in Images by default

Do you have an idea for the Joomla community that you can help implement? Discuss in here.
Forum rules
Global Rules
Posting guidelines for this board <-- please read before posting.

Joomla Idea Pool <-- Add your suggestions for future versions of Joomla and vote on current suggestions.
Locked
User avatar
john-doe
Joomla! Guru
Joomla! Guru
Posts: 875
Joined: Tue Apr 19, 2011 7:39 pm
Location: Colombia
Contact:

SVG compatibility in Images by default

Post by john-doe » Mon Apr 03, 2017 4:18 pm

Greetings.

I've been experimenting with SVG files. And i have been thinking why Joomla does not upload them through the uploaders and media manager. The point is i'm setting images via the interface and changing manually the image location to the SVG file manually (using JCE Editor's image dialog) and there it is admitted.

I'm not sure how viable is that SVG can be admitted into the image formats for upload.

Anyway is an idea i had.

Thanks for reading
www.aldemar-hernandez.com - Custom templates and design services.

User avatar
brian
Joomla! Master
Joomla! Master
Posts: 11760
Joined: Fri Aug 12, 2005 7:19 am
Location: Leeds, UK
Contact:

Re: SVG compatibility in Images by default

Post by brian » Tue Apr 04, 2017 1:17 pm

The reason why they are not enabled by default is that they are a potential security issue
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/

User avatar
john-doe
Joomla! Guru
Joomla! Guru
Posts: 875
Joined: Tue Apr 19, 2011 7:39 pm
Location: Colombia
Contact:

Re: SVG compatibility in Images by default

Post by john-doe » Tue Apr 04, 2017 1:24 pm

brian wrote:The reason why they are not enabled by default is that they are a potential security issue
I had no idea about it.

Do you know where can i get more detailed information about that security issue?
www.aldemar-hernandez.com - Custom templates and design services.

User avatar
brian
Joomla! Master
Joomla! Master
Posts: 11760
Joined: Fri Aug 12, 2005 7:19 am
Location: Leeds, UK
Contact:

Re: SVG compatibility in Images by default

Post by brian » Tue Apr 04, 2017 1:27 pm

You can add javascript code right inside the svg element.

Google is your friend for more information
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/

User avatar
john-doe
Joomla! Guru
Joomla! Guru
Posts: 875
Joined: Tue Apr 19, 2011 7:39 pm
Location: Colombia
Contact:

Re: SVG compatibility in Images by default

Post by john-doe » Tue Apr 04, 2017 3:03 pm

brian wrote:You can add javascript code right inside the svg element.
How so? I do my SVGs in Adobe Illustrator and i set the SVG files inside of IMG tags. i searched but i can't understand much (I'm graphic designer)
www.aldemar-hernandez.com - Custom templates and design services.

User avatar
brian
Joomla! Master
Joomla! Master
Posts: 11760
Joined: Fri Aug 12, 2005 7:19 am
Location: Leeds, UK
Contact:

Re: SVG compatibility in Images by default

Post by brian » Tue Apr 04, 2017 3:04 pm

Sorry I am not going to explain how to make an SVG that can be used to attack a web site
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/

User avatar
john-doe
Joomla! Guru
Joomla! Guru
Posts: 875
Joined: Tue Apr 19, 2011 7:39 pm
Location: Colombia
Contact:

Re: SVG compatibility in Images by default

Post by john-doe » Tue Apr 04, 2017 3:07 pm

brian wrote:Sorry I am not going to explain how to make an SVG that can be used to attack a web site
I DID NOT ASKED FOR THAT
www.aldemar-hernandez.com - Custom templates and design services.

mbabker
Joomla! Hero
Joomla! Hero
Posts: 2212
Joined: Sun Feb 28, 2010 8:26 pm

Re: SVG compatibility in Images by default

Post by mbabker » Tue Apr 04, 2017 4:51 pm

That's essentially the answer you would get though. SVG syntax is structured in a way that it's much easier to create files with exploits in them than "normal" image files and thus far there isn't a good method to scan those files to determine if they're exploited and block the upload.


Locked

Return to “Joomla! Ideas Forum”