XF 1.5 Dynamic SVG and Image Proxy
- Thread starter dethfire
- Start date
The lack of SVG support in the image proxy is very much intentional. This is for security reasons. SVGs allow scripting, which means they're roughly equivalent to allowing users to serve arbitrary HTML from your domain and all the things that allows (XSS, etc).
If you wanted to allow SVGs, you'd need to serve the image proxy from a separate domain with no sensitive details (cookies, etc). (You also need to make sure you haven't opened a wide CORS setting for your main site, but you'd generally have to do that intentionally.)
If you wanted to allow SVGs, you'd need to serve the image proxy from a separate domain with no sensitive details (cookies, etc). (You also need to make sure you haven't opened a wide CORS setting for your main site, but you'd generally have to do that intentionally.)
badstraw360
Member
So... is not a good idea to have an SVG instead of a png for the main logo? How can i make it look sharper without compromising security?
CyberAP
Well-known member
It is a good idea as long as you have control over it. You compromise security by letting others use their SVG on your forum.
badstraw360
Member
Thank you for the clarification..
I was reading this article and they say that "there are well over 8,000 logged CVE’s that have to do with all sorts of fun and obscure SVG file security vulnerabilities."
I was trying to make my logo look nicer, basically I added this code in extra.css
Code:
#logo img { width: 180px; height: 70px; }That basically resized it, it looks great now but if I test the speed of my website I get: " The following images are resized in HTML or CSS. Serving scaled images could save 26.3KiB (93% reduction)."
Man I think I'll have to use SVG instead..
Similar threads
- Question
