Extension:NativeSvgHandler
Jump to navigation
Jump to search
 | Warning: The code or configuration described here poses a major security risk. Site administrators: You are advised against using it until this security issue is resolved. Problem: SVG files are effectively full HTML documents that can contain JavaScript, and if SVG uploads are enabled, any editor can upload them. An attacker could upload a malicious file to perform an XSS attack against viewers. In addition, browser support for rendering SVGs varies widely, so the appearance of an SVG cannot be guaranteed to be consistent for all viewers. See phab:T223649#5194131 for more information. Solution: Only use this extension if SVG uploads are restricted to trusted users or disabled entirely, and don't rely on SVGs appearing the same for all viewers. |
 Release status: unmaintained |
|
|---|---|
| Implementation | Media |
| Description | Serves SVG images directly to clients |
| Author(s) | Povilas Kanapickas (P12talk) |
| Latest version | 1.2 (2015-01-16) |
| MediaWiki | 1.26+ |
| Database changes | No |
| License | GNU General Public License 2.0 |
| Download | GitHub: Note: README |
| Translate the NativeSvgHandler extension if it is available at translatewiki.net | |
| Check usage and version matrix. | |
The NativeSvgHandler extension allows SVG files to be served directly to clients for client-side rendering.
Installation[edit]
- Download and place the file(s) in a directory called
NativeSvgHandlerin yourextensions/folder.
- Add the following code at the bottom of your LocalSettings.php:
require_once "$IP/extensions/NativeSvgHandler/NativeSvgHandler.php";
Done – Navigate to Special:Version on your wiki to verify that the extension is successfully installed.
Done – Navigate to Configuration Parameters[edit]
- $wgNativeSvgHandlerEnableLinks
- Set
falseto disable links over SVG images, the default value istrue.
