Greetings.
I've been experimenting with SVG files. And i have been thinking why Joomla does not upload them through the uploaders and media manager. The point is i'm setting images via the interface and changing manually the image location to the SVG file manually (using JCE Editor's image dialog) and there it is admitted.
I'm not sure how viable is that SVG can be admitted into the image formats for upload.
Anyway is an idea i had.
Thanks for reading
SVG compatibility in Images by default
- john-doe
- Joomla! Ace
- Posts: 1008
- Joined: Tue Apr 19, 2011 7:39 pm
- Location: Colombia
- Contact:
SVG compatibility in Images by default
www.aldemar-hernandez.com - Custom templates and design services.
- brian
- Joomla! Master
- Posts: 12787
- Joined: Fri Aug 12, 2005 7:19 am
- Location: Leeds, UK
- Contact:
Re: SVG compatibility in Images by default
The reason why they are not enabled by default is that they are a potential security issue
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/
- john-doe
- Joomla! Ace
- Posts: 1008
- Joined: Tue Apr 19, 2011 7:39 pm
- Location: Colombia
- Contact:
Re: SVG compatibility in Images by default
I had no idea about it.brian wrote:The reason why they are not enabled by default is that they are a potential security issue
Do you know where can i get more detailed information about that security issue?
www.aldemar-hernandez.com - Custom templates and design services.
- brian
- Joomla! Master
- Posts: 12787
- Joined: Fri Aug 12, 2005 7:19 am
- Location: Leeds, UK
- Contact:
Re: SVG compatibility in Images by default
You can add javascript code right inside the svg element.
Google is your friend for more information
Google is your friend for more information
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/
- john-doe
- Joomla! Ace
- Posts: 1008
- Joined: Tue Apr 19, 2011 7:39 pm
- Location: Colombia
- Contact:
Re: SVG compatibility in Images by default
How so? I do my SVGs in Adobe Illustrator and i set the SVG files inside of IMG tags. i searched but i can't understand much (I'm graphic designer)brian wrote:You can add javascript code right inside the svg element.
www.aldemar-hernandez.com - Custom templates and design services.
- brian
- Joomla! Master
- Posts: 12787
- Joined: Fri Aug 12, 2005 7:19 am
- Location: Leeds, UK
- Contact:
Re: SVG compatibility in Images by default
Sorry I am not going to explain how to make an SVG that can be used to attack a web site
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/
- john-doe
- Joomla! Ace
- Posts: 1008
- Joined: Tue Apr 19, 2011 7:39 pm
- Location: Colombia
- Contact:
Re: SVG compatibility in Images by default
I DID NOT ASKED FOR THATbrian wrote:Sorry I am not going to explain how to make an SVG that can be used to attack a web site
www.aldemar-hernandez.com - Custom templates and design services.
Re: SVG compatibility in Images by default
That's essentially the answer you would get though. SVG syntax is structured in a way that it's much easier to create files with exploits in them than "normal" image files and thus far there isn't a good method to scan those files to determine if they're exploited and block the upload.