Is it possible to add svg images to a post?

(Kasper Peulen) #1

I’m trying to add svg images to a post, but without succes:

Is it possible to show svg images ?

How to include fontawesome icons in posts?
(Jeff Atwood) #2

Let’s see, I’ll try uploading it:

butterfly-s.svg (47.8 KB)

Definitely treated as an attachment. Anything we can do here @zogstrip?

(Régis Hanol) #3

Forgot svg as image extensions. Will fix it.

(Anton Batenev) #4

Be careful - SVG images can contain script tags.

(Kasper Peulen) #5


My browser crashes when I try to do it in this way ![text](svg url)

(Jeff Atwood) #6

Hmm, this might be a good thing to re-check @zogstrip the status of .svg as standard embedded images.

(Ben Lubar) #7

I can do ![]( and the image shows up in the preview. If I delete the ) my browser freezes. Strange.

(Michael Downey) #8

Any updates on this? It’d be great to upload some SVG images for my Discourse logo, etc. (Not to mention in posts.)

(Ernest Lee) #9

Would like to see some progress on this. Anyone working on it?

(Sam Saffron) #10

No one is working on this

(Michael Downey) #11

And tears were shed everywhere by HiDPI display users… :frowning:

(Polska Psychoterapia) #12

@downey indeed they were :confused:

Any hope it will be added soon? It would be really great to be able to use SVGs site-wide.

(Tsu) #13

Add the extension to this list: :wink:

I recommend adding webp as well.

(Michael Downey) #14

Thanks @tsu. Did you want to create a pull request for this change? I’m sure many people would appreciate it. :slight_smile:

(Jeff Atwood) #15

OK I added webp and svg… this guy says it’s safe!

Uploading SVG doesn't work anymore
(Michael Downey) #16


I guess if there are any exploits we can blame that guy then. :troll:

(Tsu) #17

Thanks for adding this! Although I feel sad about not having been credited for this new feature. :wink:

Before you close or freeze this topic, please allow me to point out, in the spirit of @codinghorror’s blog, that this is code smell in Discourse. Which needs proper refactoring. Sorry, I don’t know Ruby well enough (yet) to contribute code, but I’ve tracked down the cause for you. Here’s how to fix it:

  1. Discourse ships with /etc/nginx/mime.types — which is only used by Nginx.
  2. We have /etc/mime.types — for example, Golang would use that.
  3. There is discourse/lib/file_helper.rb with its assumptions
  4. … and onebox/lib/onebox/audio_onebox.rb — lacking flac, opus, oga, m4a… —
  5. … and onebox/lib/onebox/video_onebox.rb and friends with file type assumptions.

In a few months someone will open a thread asking to add the extension jp2, j2k, pcx, and another one for HEVC-MSP, and then will come Apple with *.isee and video format *.imove. Wait, did we already forget to include mov? :uhoh:

The right thing to do for Discourse is, first, to rely on only one mime type source (file and function!).

Second, for remote resources, issue a HTTP HEAD request and examine the returned content-type header. On a HTTP error 406 repeat that request with a more specific accept header such as »image/webp;q=1.0, image/svg+xml;q=0.9, image/png, image/*;q=0.5«. (When we are at it, check if any CORS header is present which would break embedding.)

If a mime type starts with »image« → it’s an image. And it would get the proper content-type header for free.

And yes, I’d love to see Discourse use NginxXSendfile — which would’ve set the content-type in the first place.


(Jeff Atwood) #18

Before you get too excited, simply allowing the extension does not make SVG magically work, as others have noted – too many assumptions about binary formats for images in the pipeline. There also may be security exploits around allowing SVG, as JavaScript can be embedded in SVG, so it may need to be reverted.

(Kasper Peulen) #19

Is there an other way to add vector graphic images to a post in discourse ? I’m just always horified when I see the images I uploaded on other devices with a complete other screen resolution.

(Joe Seyfried) #20

Are there any updates here? I just updated to the current beta because I need svg for my customized layout - and this would just be awesome… One way to cope with security considerations would also to only allow this temporarily, i.e. add svg to the list of allowed extensions, upload your site assets, and remove svg afterwards!