.svg file types and xss issues

Hello,

Magento disallowed the upload of .svg for security reasons and there are plenty of topics on how to re-enable the upload of .svg in the WYSIWYG editor.

However, the question here is what is the actual threat there when .svg file types are used on a site for icons, logos or images on the front end of the store? Including stores where the upload of images by visitors is disallowed.

Upon reading about XSS, many talk about the vulnerability being more common in scenarios when stores allow upload of images (such as if you are uploading a picture to the site for a customer T-shirt image) or if someone has access to the admin and inserts code in the .svg file.

These days .svg is a highly adaptive and quality image type, taking up very little space - ideal for modern mobile devices where the majority of shoppers shop from.

Before we consider using .svg, we'd like to hear if anyone is using these file types and if anyone has had any issues that relate to those Magento patched in a security update some time back.

Thanks,