keystone
keystone copied to clipboard
keystonejs
Adding SVG in image types available for upload
⚠️ No Changeset found
Latest commit: 2c47e7d7a33832d676abb299bf701e6298773bf5
Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.
This PR includes no changesets
When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types
Click here to learn what changesets are, and how to add one.
Click here if you're a maintainer who wants to add a changeset to this PR
![changeset-bot[bot] avatar](https://avatars.githubusercontent.com/in/28616?v=4 "Published by a pub.dev verified publisher"){kind=small}
This pull request is being automatically deployed with Vercel (learn more).
To see the status of your deployment, click below or on the icon next to each commit.
🔍 Inspect: https://vercel.com/keystonejs/keystone-next-docs/5r5sPYtoG38vLSoPNrHP4fpk5KW3
✅ Preview: Failed
![vercel[bot] avatar](https://avatars.githubusercontent.com/in/8329?v=4 "Published by a pub.dev verified publisher"){kind=small}
This pull request is automatically built and testable in CodeSandbox.
To see build info of the built libraries, click here or the icon next to each commit SHA.
![codesandbox-ci[bot] avatar](https://avatars.githubusercontent.com/in/38409?v=4 "Published by a pub.dev verified publisher"){kind=small}
Why this feature is not being merged? We really need this feature to allow SVG uploads 😢.
A few concerns in respect to this and security, we need to reach consensus on what are safe defaults, and what are reasonable escape hatches. I don't want Keystone to prescribe exactly what may be uploaded, but we aren't only an API platform.
For example, we might want to use https://github.com/cloudflare/svg-hush in this particular scenario.
I have created a repository with some custom fields for Keystone.js, including vectorImage field which allows us to upload .svg files.
Have a look: https://github.com/usertive/keystone-custom-fields
That's definitely very good and useful to treat SVG files and make sure they are safe, but in my case, KeystoneJS is the admin interface for my website and only me and my team which I trust do have access to it and can upload SVG files. I'm a little scared than the protections you will put to treat SVG could have some side-effect and break some SVG features I might want to use.
Maybe this should be an option than we can enable/disable by config?
That's an interesting consideration @Zlitus, and honestly that might mean we up with preferring this configuration being explicitly configurable by users with documentation warnings, instead of being specifically prescripted by us.
📌 For me, I wish there was a variable in the Keystone configuration that gave us the ability to enable/disable svg, that might be the best solution for now.
Is this ever going to be merged? 2 years in and still can't upload a basic thing like SVG's.
I too do not care about security as we only have authorized users...
@MartinDawson I think the conclusion is that we want to change this pull request to support the image types to be configurable by users, instead of prescribed by @keystone-6/*.
We are accepting of contributor pull requests, but as is, we don't want to merge this :yellow_heart:
@dcousens, could you please share the issue/PR for "we want to change this pull request to support the image types to be configurable by users, instead of prescribed by @keystone-6/*"? Thank you.
See feature request https://github.com/keystonejs/keystone/discussions/8913