1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XF 1.5 Dynamic SVG and Image Proxy

Discussion in 'Troubleshooting and Problems' started by dethfire, Aug 9, 2016.

  1. dethfire

    dethfire Well-Known Member

    Anyone find a solution using dynamic SVG and the Image Proxy? I have many users wanting to link to a wiki svg image but the image proxy chokes on it.
     
  2. Mike

    Mike XenForo Developer Staff Member

    The lack of SVG support in the image proxy is very much intentional. This is for security reasons. SVGs allow scripting, which means they're roughly equivalent to allowing users to serve arbitrary HTML from your domain and all the things that allows (XSS, etc).

    If you wanted to allow SVGs, you'd need to serve the image proxy from a separate domain with no sensitive details (cookies, etc). (You also need to make sure you haven't opened a wide CORS setting for your main site, but you'd generally have to do that intentionally.)
     
  3. badstraw360

    badstraw360 Member

    So... is not a good idea to have an SVG instead of a png for the main logo? How can i make it look sharper without compromising security?
     
  4. CyberAP

    CyberAP Well-Known Member

    It is a good idea as long as you have control over it. You compromise security by letting others use their SVG on your forum.
     
  5. badstraw360

    badstraw360 Member

    Thank you for the clarification..

    I was reading this article and they say that "there are well over 8,000 logged CVE’s that have to do with all sorts of fun and obscure SVG file security vulnerabilities."

    I was trying to make my logo look nicer, basically I added this code in extra.css
    Code:
    #logo img { width: 180px; height: 70px; }
    That basically resized it, it looks great now but if I test the speed of my website I get: " The following images are resized in HTML or CSS. Serving scaled images could save 26.3KiB (93% reduction)."

    Man I think I'll have to use SVG instead..
     

Share This Page