#14092: ImageField should allow SVG
---------------------------------------------------+------------------------
Reporter: graeme | Owner: nobody
Status: new | Milestone:
Component: Database layer (models, ORM) | Version: 1.2
Resolution: | Keywords:
Stage: Someday/Maybe | Has_patch: 0
Needs_docs: 0 | Needs_tests: 0
Needs_better_patch: 0 |
---------------------------------------------------+------------------------
Changes (by PaulM):
* needs_better_patch: => 0
* stage: Unreviewed => Someday/Maybe
* needs_tests: => 0
* needs_docs: => 0
Comment:
This seems like a reasonable request. However, I don't think it is
realistic any time in the near future.
The issue here is that Django uses the PIL library to validate that
uploaded files really are images. SVG files aren't supported by PIL, so we
would have to find some other way to validate them.
The bigger concern about SVG files is the potential security issue. SVG
files can contain javascript. A big part of the reason we use image fields
in the first place is to make sure we're only allowing users to upload
"safe" files that we know we can show other users without danger of XSS or
other nastiness. SVG files can't make that promise.
So for now, it is better that we do not allow SVG files to be uploaded as
part of an ImageField.
--
Ticket URL: <http://code.djangoproject.com/ticket/14092#comment:1>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en.
