Hi helpful folks,
I’m enjoying Kirby 3.9.2 with a local PHP 8.1.12 on OSX but got into trouble uploading an .svg though the panel. The error message is:
The “viewbox” attribute (line 8) is not allowed: Not included in the global allowlist
After removing the attribute the upload is fine, but the svg is not displayed
Therefore I added it again to the file, after upload.
My question:
-
Is there a security risk having ‘viewbox’ in my svg-file? Just curious after checking the discussion here
-
How can I edit the ‘global allowlist’ as stated in the error message? Should I?
Here are the first 8 lines of the file. The svg was created with a probably old version of CorelDraw…
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xml:space="preserve"
version="1.1" style="
shape-rendering: geometricPrecision;
text-rendering: geometricPrecision;
image-rendering: optimizeQuality;
fill-rule: evenodd;
clip-rule: evenodd;
" **viewbox="0 0 1080 800"** >
Cheers,
Johannes