Important: #94492 - Introduce SVG Sanitizer¶
See forge#94492
Description¶
SVG sanitization behavior of extension t3g/svg-sanitizer has been introduced into TYPO3 core. Actual processing is done by low-level sanitization package enshrined/svg-sanitize by Daryll Doyle.
Introduced aspects¶
handle
GeneralUtility::upload_copy_move
invocationshandle FAL action events
file-add
,file-replace
,set-content
provide upgrade wizard, sanitizing all SVG files in storages that are using
\TYPO3\CMS\Core\Resource\Driver\LocalDriver
Custom usage¶
$sanitizer = new \TYPO3\CMS\Core\Resource\Security\SvgSanitizer();
$sanitizer->sanitizeFile($sourcePath, $targetPath);
$svg = $sanitizer->sanitizeContent($svg);
Basically this change enforces following public service announcements concerning SVG files, to enhance these security aspects per default: