Blocks with SVG icon become invalid when I’m not logged in as admin

  • Resolved Jules Colle

    (@jules-colle)


    3 years, 9 months ago

    Just checking if this is a known bug, or if another plugin could be messing things up.

    When I create a Marketing button with your plugin and give it an SVG icon, everything works fine as long as I’m an administrator.

    But, if I try to edit the block with another user role (FYI: it’s a custom role with admin capabilities as well), and save the block. Everything seems fine at first, but when I visit the front-end the SVG icon is gone. After inspection I see that the actual svg element is missing (it got stripped out during save I assume.) When I revisit the editor-screen the block now gives me the “invalid block” message. When I check the console I see that this is because gutenberg is expecting to get the block with the svg-element, but it was saved without svg-element. When I click “restore block” the block is restored in the editor and the svg icon reappears. However, when I save the post again and visit the front-end the svg icon is stripped away again.. Any idea what could be the cause?

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Support Team Brainstorm Force

    (@brainstormteam)

    Hello @jules-colle ,

    By default, users without the unfiltered_html capability are not allowed to upload SVG files for security reasons, and this same applies to manually adding SVG elements in post content. SVG’s can contain malicious JavaScript, and it’s not trivial to sanitize them.

    But we have added a task of it to our to-do list. We will check is there anything we can improve in our future.

    I hope you understand.

    Plugin Support Team Brainstorm Force

    (@brainstormteam)

    Hello @jules-colle ,

    I have already taken this up as a suggestion and added it to our to-do list so that our developers can consider it in one of our future updates.

    I am making the query resolved for now.

    You can always get in touch with us through our website in case you wish to follow up or drop in any other suggestion.

    Thank you!

    Thread Starter Jules Colle

    (@jules-colle)

    Thanks,

    I would like to point out that this is a problem everybody will eventually run into on multiste networks.

    On a multiste network only the super admin gets this capability.

    Here’s an article that explains how to add the capability for administrators and editors on multisite network sites. https://kellenmace.com/add-unfiltered_html-capability-to-admins-or-editors-in-wordpress-multisite/

    Plugin Support Team Brainstorm Force

    (@brainstormteam)

    Hello @jules-colle ,

    I am sorry, the article shared by you is not accessible. Please refer to this screenshot.

    Right, this unfiltered_upload capability is not available to any role by default (including Super Admins).

    Note: Enabling this option for untrusted users may result in their posting malicious or poorly formatted code.

    I hope you understand.

    Let me know if you have any further queries.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Blocks with SVG icon become invalid when I’m not logged in as admin’ is closed to new replies.