Is your enhancement related to a problem? Please describe.
Hi there! I'm working on an experimental media modal (and media editor) in the Gutenberg repo as part of Phase 3 of Gutenberg. It's early days for this work, but there's a media modal (powered by DataViews) that you can use in the Gutenberg plugin by activating the experiment:
Then, when you add an Image block (or use any other button to open the media library), you'll see this modal instead of the existing WordPress media library:
That's the general direction it's heading in. The problem I'm running into is that while testing with the Safe SVG plugin active, I see that the SVG mime type is only added on particular screens, and that doesn't appear to include REST API requests for fetching media items. The result is that if a user has this plugin activated for uploading SVGs, they won't appear in this new media library at all (even to select or in a read only state).
I know in the readme it's flagged that the SVG mime type is intentionally not added in all cases, in order to properly ensure SVGs are handled securely.
Is there a safe way to expand the SVG mime type support so that it can include the media REST API endpoints? From hacking it in locally, that seems to resolve the issue for the media modal experiment in Gutenberg, as it'll then allow the SVG image to be seen in the list:
If you'd like more context on this work, here are a couple of tracking issues over in the Gutenberg repo:
Please let me know if you'd like any further context on any of that work. It isn't slated to land in core any time soon, but I'd like to ensure that a new media library plays well with popular plugins, and this is indeed a very popular plugin!
Note: if we don't fix this, then I think the SVGs should still show up in the overall list of files (i.e. if someone adds a File block and wants to link to an SVG as a file download), it just wouldn't be available to add to an Image block, which seems pretty critical behaviour 🙂
Code of Conduct
Is your enhancement related to a problem? Please describe.
Hi there! I'm working on an experimental media modal (and media editor) in the Gutenberg repo as part of Phase 3 of Gutenberg. It's early days for this work, but there's a media modal (powered by DataViews) that you can use in the Gutenberg plugin by activating the experiment:
Then, when you add an Image block (or use any other button to open the media library), you'll see this modal instead of the existing WordPress media library:
That's the general direction it's heading in. The problem I'm running into is that while testing with the Safe SVG plugin active, I see that the SVG mime type is only added on particular screens, and that doesn't appear to include REST API requests for fetching media items. The result is that if a user has this plugin activated for uploading SVGs, they won't appear in this new media library at all (even to select or in a read only state).
I know in the readme it's flagged that the SVG mime type is intentionally not added in all cases, in order to properly ensure SVGs are handled securely.
Is there a safe way to expand the SVG mime type support so that it can include the media REST API endpoints? From hacking it in locally, that seems to resolve the issue for the media modal experiment in Gutenberg, as it'll then allow the SVG image to be seen in the list:
If you'd like more context on this work, here are a couple of tracking issues over in the Gutenberg repo:
Please let me know if you'd like any further context on any of that work. It isn't slated to land in core any time soon, but I'd like to ensure that a new media library plays well with popular plugins, and this is indeed a very popular plugin!
Note: if we don't fix this, then I think the SVGs should still show up in the overall list of files (i.e. if someone adds a File block and wants to link to an SVG as a file download), it just wouldn't be available to add to an Image block, which seems pretty critical behaviour 🙂
Code of Conduct