外掛說明
使用 Safe SVG 外掛是在 WordPress 網站上開放 SVG 檔案上傳的最佳方式。
這個外掛能開放 WordPress 網站上傳 SVG 檔案的功能,並確保 SVG 檔案經過必要的處理,以避免觸發 SVG/XML 漏洞影響網站,同時也能讓使用者在媒體庫的各種檢視模式中預覽已上傳的 SVG 檔案。
目前功能
- 處理 SVG 檔案:不會允許未經處理的 SVG 檔案上傳,以避免觸發 WordPress 網站的安全性漏洞。
- SVGO 最佳化:在上傳 SVG 檔案時使用 SVGO 工具最佳化以節省網站儲存空間。這項功能預設為停用,但可以使用所列程式碼加以啟用:
add_filter( 'safe_svg_optimizer_enabled', '__return_true' ); - 在媒體庫中檢視 SVG 檔案:不需要去回想哪個 SVG 檔案是哪天上傳的,這個外掛提供在 WordPress 媒體庫中預覽 SVG 檔案的功能。
- 設定可上傳 SVG 檔案的使用者:設定指定使用者才能上傳 SVG 檔案,或開放全部使用者均可上傳。
開發這個外掛的想法源自 #24251 這個功能需求。
SVG 檔案的處理使用 https://github.com/darylldoyle/svg-sanitizer 所提供的函式庫。
已透過所列函式庫完成 SVG 最佳化功能:https://github.com/svg/svgo。
適用於區塊編輯器
這個外掛提供 1 個可供 Gutenberg/區塊編輯器使用的區塊。
- Safe SVG Display the SVG icon
安裝方式
透過 WordPress 外掛目錄安裝,或下載安裝檔案後解壓縮,上傳解壓縮所得的資料夾及其全部檔案至 /wp-content/plugins/ 目錄。
常見問題集
-
可以,這可以透過
svg_allowed_attributes及svg_allowed_tags篩選器完成。
這 2 個篩選器分別使用一個必須回傳值的引數。以下是範例程式碼:add_filter( 'svg_allowed_attributes', function ( $attributes ) { // Do what you want here... // This should return an array so add your attributes to // to the $attributes array before returning it. E.G. $attributes[] = 'target'; // This would allow the target="" attribute. return $attributes; } ); add_filter( 'svg_allowed_tags', function ( $tags ) { // Do what you want here... // This should return an array so add your tags to // to the $tags array before returning it. E.G. $tags[] = 'use'; // This would allow the <use> element. return $tags; } );
使用者評論
2023 年 8 月 16 日
1 則留言
I don't understand why this isn't in core wordpress. Plugin integrates flawlessly into the website and causes no issues.
2023 年 7 月 15 日
1 則留言
Does what is says. Quick and easy.
2023 年 5 月 17 日
1 則留言
Easy plugin for enabling svg uploads on your wordpress site
2022 年 11 月 30 日
1 則留言
Great little plugin that does exactly what it says. And does it easily. (Still not sure why SVGs are not supported natively but that's another discussion) Thank you, job well done!
2022 年 8 月 16 日
1 則留言
Works like a charm
2022 年 4 月 1 日
1 則留言
Great plugin, does what it says. Should be core functionality.
參與者及開發者
變更記錄
2.2.2 – 2023-11-21
- Changed: Bump WordPress “tested up to” version 6.4 (props @qasumitbagthariya, @jeffpaul via #162, #163).
- Fixed: Ensure CSS applies properly to the SVG Icon block when added via
theme.json(props @tobeycodes, @dkotter via #161).
2.2.1 – 2023-10-23
- Changed: Update to
apiVersion3 for our SVG Icon block (props @fabiankaegy, @ravinderk, @jeffpaul, @dkotter via #133). - Fixed: Address an error due to the SVG Icon block using the
fill-ruleattribute (props @zamanq, @jeffpaul, @iamdharmesh via #152). - Security: Bump
postcssfrom 8.4.20 to 8.4.31 (props @dependabot, @faisal-alvi via #155). - Security: Bump
@cypress/requestfrom 2.88.12 to 3.0.1 andcypressfrom 10.11.0 to 13.3.0 (props @dependabot, @ravinderk via #156). - Security: Bump
@babel/traversefrom 7.20.12 to 7.23.2 (props @dependabot, @iamdharmesh via #158).
2.2.0 – 2023-08-21
- Added: New settings that give the ability to select which user roles can upload SVG files (props @dhanendran, @csloisel, @faisal-alvi, @dkotter via #76).
- Added: SVG optimization during upload via SVGO. Feature is disabled by default but can be enabled using the
safe_svg_optimizer_enabledfilter (props @gsarig, @peterwilsoncc, @Sidsector9, @darylldoyle, @faisal-alvi, @dkotter, @ravinderk via #79, #145). - Added: Spacing and color controls added to SVG block (props @bmarshall511, @iamdharmesh via #135).
- Added: Mochawesome reporter added for Cypress test report (props @jayedul, @peterwilsoncc via #124).
- Changed: Update Support Level from
ActivetoStable(props @Sidsector9, @iamdharmesh via #100). - Changed: Update name of SVG block from Safe SVG Icon to Inline SVG (props @bmarshall511, @iamdharmesh via #135).
- Changed: Bump WordPress “tested up to” version 6.3 (props @dkotter, @jeffpaul via #144).
- Changed: Update the Dependency Review GitHub Action (props @jeffpaul, @Sidsector9 via #128).
- Fixed: Add namespace to the
class_existscheck (props @szepeviktor, @iamdharmesh via #120). - Fixed: Ensure Sanitizer class is properly imported (props @szepeviktor, @iamdharmesh via #121).
- Fixed: Remove an unneeded global (props @szepeviktor, @iamdharmesh via #122).
- Fixed: Use absolute path in require (props @szepeviktor, @iamdharmesh via #123).
- Fixed: Ensure custom classname added to SVG block is output on the front-end (props @bmarshall511, @Sidsector9, @dkotter via #130).
- Fixed: Ensure
SimpleXMLexists before using it (props @sdmtt, @faisal-alvi via #140). - Fixed: Fix markdown issues in the readme (props @szepeviktor, @iamdharmesh via #119).
- Security: Bump
semverfrom 5.7.1 to 5.7.2 (props @dependabot via #134). - Security: Bump
word-wrapfrom 1.2.3 to 1.2.5 (props @dependabot via #141). - Security: Bump
tough-cookiefrom 4.1.2 to 4.1.3 and@cypress/requestfrom 2.88.10 to 2.88.12 (props @dependabot via #146).
2.1.1 – 2023-04-05
- Changed: Upgrade
@wordpressnpm package dependencies (props @ggutenberg, @Sidsector9 via #108). - Changed: Bump WordPress “tested up to” version 6.2 (props @ggutenberg, @Sidsector9 via #108).
- Changed: Run our E2E tests on the zip generated by “Build release zip” action (props @jayedul, @dkotter via #106).
- Fixed: Only load our block CSS if a page has the SVG block in it and remove an extra slash in the CSS file path. Remove an unneeded JS block file (props @dkotter, @freinbichler, @IanDelMar, @ocean90, @Sidsector9 via #112).
- Fixed: Better error handling for environments that don’t match our minimum PHP version (props @dkotter, @ravinderk via #111).
2.1.0 – 2023-03-22
- Added: An SVG Gutenberg Block (props @faisal-alvi, @Sidsector9, @cr0ybot, @darylldoyle, @cbirdsong, @jeffpaul via #80).
- Added: “Build release zip” GitHub Action (props @iamdharmesh, @dkotter, @faisal-alvi via #87).
- Changed: Bump minimum PHP version from 7.0 to 7.4 (props @iamdharmesh, @peterwilsoncc, @vikrampm1 via #82).
- Changed: Bump minimum WordPress version from 4.7 to 5.7 (props @iamdharmesh, @peterwilsoncc, @vikrampm1 via #82).
- Changed: Bump WordPress “tested up to” version 6.1 (props @iamdharmesh, @peterwilsoncc via #85).
- Security: Updates the underlying sanitisation library to pull in a security fix (props @darylldoyle, @faisal-alvi, @Cyxow via #105).
- Security: Bump
gotfrom 10.7.0 to 11.8.5 (props @dependabot via #83). - Security: Bump
@wordpress/env from4.9.0 to 5.6.0 (props @dependabot via #83). - Security: Bump
simple-gitfrom 3.9.0 to 3.16.0 (props @dependabot via #88, #99). - Security: Bump
loader-utilsfrom 2.0.2 to 2.0.4 (props @dependabot via #92). - Security: Bump
json5from 1.0.1 to 1.0.2 (props @dependabot via #91). - Security: Bump
decode-uri-componentfrom 0.2.0 to 0.2.2 (props @dependabot via #93). - Security: Bump
markdown-itfrom 12.0.4 to 12.3.2 (props @dependabot, @peterwilsoncc via #94). - Security: Bump
@wordpress/scriptsfrom 19.2.4 to 25.1.0 (props @dependabot, @peterwilsoncc via #94). - Security: Bump
http-cache-semanticsfrom 4.1.0 to 4.1.1 (props @dependabot, @peterwilsoncc via #101). - Security: Bump
webpackfrom 5.75.0 to 5.76.1 (props @dependabot, @faisal-alvi via #103). - Security: Bump
svg-sanitizerfrom 0.15.2 to 0.16.0 (props @darylldoyle, @faisal-alvi, @Cyxow via #105).
Earlier versions
For the changelog of earlier versions, please refer to the changelog on github.com.