ImageField should allow SVG

[graeme]

A good many browsers now support SVG (and support is planned even for IE), so a good many uses of ImageField need SVG support.

[Paul McMillan]

This seems like a reasonable request. However, I don't think it is realistic any time in the near future.

The issue here is that Django uses the PIL library to validate that uploaded files really are images. SVG files aren't supported by PIL, so we would have to find some other way to validate them.

The bigger concern about SVG files is the potential security issue. SVG files can contain javascript. A big part of the reason we use image fields in the first place is to make sure we're only allowing users to upload "safe" files that we know we can show other users without danger of XSS or other nastiness. SVG files can't make that promise.

So for now, it is better that we do not allow SVG files to be uploaded as part of an ImageField.

[Aymeric Augustin]

Change UI/UX from NULL to False.

[Aymeric Augustin]

Change Easy pickings from NULL to False.

[Aymeric Augustin]

ImageField is raster-oriented:

• it validates common raster formats (JPG and PNG);
• it denormalizes image width and height.

There's little in common between raster and vector handling — at least in the scope of PIL. And SVGs don't have a width and a height expressed in pixel in general. I don't see what ImageField adds to FileField when it comes to SVG files.

[ambivalentno]

As svg is required more and more often (and sometimes quite unexpectedly), I've made a quick workaround (in django-rest-framework context) to have PIL-based image validation and minimal svg detection for the same FormField:

​https://7webpages.com/blog/how-to-have-svg-allowed-as-an-image-for-django-rest-framework/