Important: #94492 - Introduce SVG Sanitizer

See forge#94492


The SVG sanitization behavior of the extension t3g/svg-sanitizer has been introduced into TYPO3 core. The actual processing is done by the low-level sanitization package enshrined/svg-sanitize by Daryll Doyle.

Introduced aspects

  • handle GeneralUtility::upload_copy_move invocations
  • handle FAL action events file-add, file-replace, set-content
  • provide upgrade wizard, sanitizing all SVG files in storages that are using \TYPO3\CMS\Core\Resource\Driver\LocalDriver

Custom usage

$sanitizer = new \TYPO3\CMS\Core\Resource\Security\SvgSanitizer();
// sanitize an SVG file on disk
$sanitizer->sanitizeFile($sourcePath, $targetPath);
// sanitize SVG markup held in a string
$svg = $sanitizer->sanitizeContent($svg);
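
The following check is an added example, not code from TYPO3 core or from this changelog: it runs constructed SVG markup through sanitizeContent() and verifies that no script element or on* event-handler attribute is left in the result. It assumes a Composer-based TYPO3 project with its autoloader at vendor/autoload.php; findActiveContent() is a helper made up for this example.

```php
<?php
// Added example, not TYPO3 core code. Assumes a Composer-based TYPO3
// installation whose autoloader is at vendor/autoload.php.
declare(strict_types=1);

require __DIR__ . '/vendor/autoload.php';

use TYPO3\CMS\Core\Resource\Security\SvgSanitizer;

// Constructed sample: a harmless shape plus active content that must not survive.
$untrusted = <<<'SVG'
<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10" onload="void(0)">
  <script>void(0)</script>
  <rect width="10" height="10" fill="#f60"/>
</svg>
SVG;

// Hypothetical helper: lists script elements and on* attributes found in $svg.
function findActiveContent(string $svg): array
{
    $doc = new DOMDocument();
    if ($svg === '' || !@$doc->loadXML($svg, LIBXML_NONET)) {
        return ['unparseable'];
    }
    $found = [];
    foreach ($doc->getElementsByTagName('*') as $element) {
        if (strtolower($element->localName) === 'script') {
            $found[] = '<script>';
        }
        foreach ($element->attributes as $attribute) {
            if (stripos($attribute->name, 'on') === 0) {
                $found[] = $attribute->name;
            }
        }
    }
    return $found;
}

$clean = (new SvgSanitizer())->sanitizeContent($untrusted);

echo 'before: ', implode(', ', findActiveContent($untrusted)), PHP_EOL;
echo 'after:  ', implode(', ', findActiveContent($clean)) ?: '(none)', PHP_EOL;
exit(findActiveContent($clean) === [] ? 0 : 1);
```

The script exits with a non-zero status if anything is still reported after sanitization, so it can serve as a smoke test in a deployment pipeline.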

Basically, this change enforces the following public service announcements concerning SVG files, to enhance these security aspects by default: