#14092 closed New feature (wontfix)
ImageField should allow SVG
Reported by: | graeme | Owned by: | nobody |
---|---|---|---|
Component: | Database layer (models, ORM) | Version: | 1.2 |
Severity: | Normal | Keywords: | |
Cc: | Triage Stage: | Someday/Maybe | |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
A good many browsers now support SVG (and support is planned even for IE), so a good many uses of ImageField need SVG support.
Change History (6)
comment:1 Changed 8 years ago by
Triage Stage: | Unreviewed → Someday/Maybe |
---|
comment:2 Changed 7 years ago by
Severity: | → Normal |
---|---|
Type: | → New feature |
comment:5 Changed 5 years ago by
Resolution: | → wontfix |
---|---|
Status: | new → closed |
ImageField
is raster-oriented:
- it validates common raster formats (JPG and PNG);
- it denormalizes image width and height.
There's little in common between raster and vector handling — at least in the scope of PIL. And SVGs don't have a width and a height expressed in pixel in general. I don't see what ImageField adds to FileField when it comes to SVG files.
comment:6 Changed 2 years ago by
As svg is required more and more often (and sometimes quite unexpectedly), I've made a quick workaround (in django-rest-framework context) to have PIL-based image validation and minimal svg detection for the same FormField:
https://7webpages.com/blog/how-to-have-svg-allowed-as-an-image-for-django-rest-framework/
This seems like a reasonable request. However, I don't think it is realistic any time in the near future.
The issue here is that Django uses the PIL library to validate that uploaded files really are images. SVG files aren't supported by PIL, so we would have to find some other way to validate them.
The bigger concern about SVG files is the potential security issue. SVG files can contain javascript. A big part of the reason we use image fields in the first place is to make sure we're only allowing users to upload "safe" files that we know we can show other users without danger of XSS or other nastiness. SVG files can't make that promise.
So for now, it is better that we do not allow SVG files to be uploaded as part of an ImageField.