-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adding SVG in image types available for upload #6715
Conversation
|
This pull request is being automatically deployed with Vercel (learn more). 🔍 Inspect: https://vercel.com/keystonejs/keystone-next-docs/5r5sPYtoG38vLSoPNrHP4fpk5KW3 |
This pull request is automatically built and testable in CodeSandbox. To see build info of the built libraries, click here or the icon next to each commit SHA. |
Why this feature is not being merged? We really need this feature to allow SVG uploads 😢. |
A few concerns in respect to this and security, we need to reach consensus on what are safe defaults, and what are reasonable escape hatches. For example, we might want to use https://github.com/cloudflare/svg-hush in this particular scenario. |
I have created a repository with some custom fields for Keystone.js, including Have a look: |
That's definitely very good and useful to treat SVG files and make sure they are safe, but in my case, KeystoneJS is the admin interface for my website and only me and my team which I trust do have access to it and can upload SVG files. I'm a little scared than the protections you will put to treat SVG could have some side-effect and break some SVG features I might want to use. Maybe this should be an option than we can enable/disable by config? |
That's an interesting consideration @Zlitus, and honestly that might mean we up with preferring this configuration being explicitly configurable by users with documentation warnings, instead of being specifically prescripted by us. |
📌 For me, I wish there was a variable in the Keystone configuration that gave us the ability to enable/disable svg, that might be the best solution for now. |
26e4ead
to
f2ca4d1
Compare
Is this ever going to be merged? 2 years in and still can't upload a basic thing like SVG's. I too do not care about security as we only have authorized users... |
@MartinDawson I think the conclusion is that we want to change this pull request to support the image types to be configurable by users, instead of prescribed by |
@dcousens, could you please share the issue/PR for "we want to change this pull request to support the image types to be configurable by users, instead of prescribed by @keystone-6/*"? Thank you. |
See feature request #8913 |
No description provided.