Hi helpful folks,
I’m enjoying Kirby 3.9.2 with a local PHP 8.1.12 on OSX but got into trouble uploading an .svg though the panel. The error message is:
The “viewbox” attribute (line 8) is not allowed: Not included in the global allowlist
After removing the attribute the upload is fine, but the svg is not displayed
Therefore I added it again to the file, after upload.
Is there a security risk having ‘viewbox’ in my svg-file? Just curious after checking the discussion here
How can I edit the ‘global allowlist’ as stated in the error message? Should I?
Here are the first 8 lines of the file. The svg was created with a probably old version of CorelDraw…
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" xml:space="preserve" version="1.1" style=" shape-rendering: geometricPrecision; text-rendering: geometricPrecision; image-rendering: optimizeQuality; fill-rule: evenodd; clip-rule: evenodd; " **viewbox="0 0 1080 800"** >