Important: #94492 - Introduce SVG Sanitizer
See forge#94492
Description
SVG sanitization behavior of extension t3g/svg-sanitizer has been introduced into TYPO3 core. Actual processing is done by low-level sanitization package enshrined/svg-sanitize by Daryll Doyle.
Introduced aspects
- handle
GeneralinvocationsUtility:: upload_ copy_ move - handle FAL action events
file-,add file-,replace set-content - provide upgrade wizard, sanitizing all SVG files in storages that
are using
\TYPO3\CMS\ Core\ Resource\ Driver\ Local Driver
Custom usage
$sanitizer = new \TYPO3\CMS\Core\Resource\Security\SvgSanitizer();
$sanitizer->sanitizeFile($sourcePath, $targetPath);
$svg = $sanitizer->sanitizeContent($svg);
Copied!
Basically this change enforces following public service announcements concerning SVG files, to enhance these security aspects per default: