Add the .svg file extension to "image files"

One Discourse forum that I use has the default setting to only allow “image files”. However, .svg files say that they are “not authorized”, while .svg files are images, just vector ones instead of raster ones, which means they can be scaled without losing quality. Also, the sizes are comparable too, if not smaller, when I converted a .png to a .svg:

  • The .png file had 8190 bytes.
  • The .svg file had 4273 bytes.

So is there any reason as to why a .svg file isn’t treated as an image file?

2 Likes

An admin sets the accepted file types. SVG isn’t in there by default, but it can be added from the authorized_extensions setting. If you ask your admin, they may consider it?

5 Likes

Problem is, the admins ignore direct messages, quoting one:

And they ignore 99.9% of the threads on the forums.

2 Likes

Is there a site feedback category that you can make those kinds of requests in? Or maybe contact them from the email address on the forum’s /about page?

1 Like

Isn’t this a potential security risk, unless the file is sanitized?

1 Like

I’m afraid I don’t know the full answer to that, but I think Discourse does some checking as part of the upload?

2 Likes

That’s not a problem that can be solved here. If you don’t like how the forum is run, then don’t use it or start your own.

4 Likes

@pfaffman, I believe that it is: sensible defaults mean less duplication of effort. I could ask all administrators to enable SVG upload, as others have:

…or I could ask Meta to set it as a default. On that point, I agree with @Ondrashek06.

Well, 4 years later and I’m in complete agreement!

Here, I’ll see if I can make it so:

3 Likes

@pfaffman, thank you!

1 Like

There’s some likelihood that there’s a reason that I don’t understand that makes it a Bad Idea to include it by default. :person_shrugging:

1 Like

@pfaffman, I’d presume sanitisation, because it’s a very powerful format. However, considering that inline HTML is supported, and other forums support SVGs, it’s definitely not insurmountable, especially because they appear to be permitted here:

To demonstrate, the undermentioned is an SVG:

1 Like

So…

SVG is sanitized.

At the time I read the code, my judgement was that the sanitization was actually fairly robust, and that gave me confidence to enable it on my site.

I can understand if CDCK doesn’t want the responsibility of making that call for everyone, particularly since the sanitized SVG doesn’t meet all needs for SVGs. For example, on my site, sometimes people post SVGs intended for laser cutting, and occasionally the modifications applied in that sanitization have silently broken them for that purpose.

So I understand reluctance to just enable it by default, even though it was a minor annoyance to me when I was doing configuration.

3 Likes
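The trade-off described in the post above, as an added example that is not Discourse's own sanitizer or code from this thread: an allowlist-based SVG cleaner removes active content, and the same rule also removes vendor data a cutting tool might depend on. The allowlists, the `cut:` namespace and the sample file are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
ET.register_namespace("", SVG_NS)  # serialize as <svg>, not <ns0:svg>

# Assumed allowlists for this sketch; a production list needs its own review.
ALLOWED_TAGS = {f"{{{SVG_NS}}}{t}" for t in
                ("svg", "g", "path", "rect", "circle", "line", "title")}
ALLOWED_ATTRS = {"d", "x", "y", "x1", "y1", "x2", "y2", "cx", "cy", "r",
                 "width", "height", "viewBox", "fill", "stroke",
                 "stroke-width", "transform", "id"}

def sanitize_svg(svg_text):
    """Return (clean_svg, dropped); dropped names every node that was removed."""
    # Coarse guard: refuse DTDs so entity tricks never reach the parser.
    if "<!DOCTYPE" in svg_text:
        raise ValueError("DOCTYPE not accepted")
    root = ET.fromstring(svg_text)
    if root.tag != f"{{{SVG_NS}}}svg":
        raise ValueError("root element is not <svg>")
    dropped = []

    def clean(el):
        # Event handlers (on*), href, style and namespaced attributes all
        # fall outside the allowlist, so they go without special-casing.
        for name in list(el.attrib):
            if name not in ALLOWED_ATTRS:
                dropped.append(name)
                del el.attrib[name]
        for child in list(el):
            if child.tag in ALLOWED_TAGS:
                clean(child)
            else:  # <script>, <foreignObject>, vendor extensions, ...
                dropped.append(child.tag)
                el.remove(child)

    clean(root)
    return ET.tostring(root, encoding="unicode"), dropped

# Constructed sample: active content plus a hypothetical cutter extension.
SAMPLE = """<svg xmlns="http://www.w3.org/2000/svg" xmlns:cut="urn:example:cutter"
     width="100mm" height="50mm" viewBox="0 0 100 50" onload="run()">
  <script>run()</script>
  <cut:settings power="60" speed="20"/>
  <path d="M0 0 L100 0" stroke="#f00" cut:pass="2"/>
</svg>"""

if __name__ == "__main__":
    clean_svg, dropped = sanitize_svg(SAMPLE)
    print(clean_svg)
    print("dropped:", dropped)  # report this to the uploader rather than staying silent
```

Returning the `dropped` list is what lets an upload flow tell the user the file was altered, which is the silent-breakage case raised in the post.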

@mcdanlj, Blender, presumably via a plugin, allows file uploads. That’s inapplicable as a default, but may assist your forum, because your SVGs are primarily for uses other than inline rendering.

1 Like

In my case, we want both behaviors from time to time… So we’d have people upload a ZIP file where it’s important that we’re looking at a byte-perfect file. Nine times out of ten, it’s more useful for us to just see it online without downloading, even with the sanitization.

(Yes, we would love to have our cake and eat it too! :rofl:)

@mcdanlj, I’m not confident that rendering unsanitised, inline SVGs is even theoretically feasible. :sweat_smile:

I didn’t mean that; unsanitized inline SVGs are a CSS attack vector.

I meant being able to choose at upload time whether it should be sanitized into a display SVG or left unrendered as an upload. But actually even more perfect would be sanitized inline display, but if you click download you get the original unsanitized version.

This is not a serious feature suggestion. It’s just what would be perfect for one weird use case. :smiley:

1 Like

@mcdanlj, because I believe a plugin is what provides Blender’s file upload capabilities, if that’s true for you too, that would be worth posting as an FR at the plugin’s repository’s issue tracker. If, instead, it’s in core, I agree that that would be really useful, but might be better tracked in a separate post.

Thanks @pfaffman, I’ve brought this to the team’s attention and we agree that this now makes sense as a default. I’ve approved & merged the PR :slight_smile:

1 Like