Designers and developers are increasingly using SVGs to replace standard image formats. That’s all well and good, but they may not be aware of the inherent security risks that come with allowing users to upload them themselves.
In this talk I aim to explore some of the main issues that surround SVG uploads and why we’ve not seen this feature in WordPress yet. We’ll also look into why they need to be sanitised and the problems that can occur if we don’t properly secure them.