SVG files get automatically downloaded with right-click -> open image in new tab

[mgunyho]

Detailed description of the problem

If I upload an SVG file to a notebook, and right-click -> open in new tab, the file is force-downloaded

Expected Behavior

SVG images should not be force-downloaded but just shown in a new tab, like the behavior is for e.g. PNG images currently.

Steps to reproduce the behavior

1. Attach an SVG image to an experiment and insert in text at cursor position
2. Go back to view mode and right-click -> open in new tab on the SVG image in the text (not in the attachment box)

What eLabFTW version are you using? Visible in bottom right of a page.

4.5.14, but also happens on the demo instance

Do you have any idea what may have caused this?

No response

Do you have an idea how to solve the issue?

I believe this can be solved by adding image/svg+xml (see e.g. here) to this list: https://github.com/elabftw/elabftw/blob/master/src/controllers/DownloadController.php#L92

Additional information

I think this may be related to #3797

[NicolasCARPi]

Hello,

There is a security risk with SVG files (as they can contain javascript), but it seems the CSP is taking care of it, so I have enabled the display of SVG files in browser, like you suggested.

Best,
~Nico

[mgunyho]

Thanks for the quick response and resolution!