Marker element being striped out from uploaded SVG

When uploading an SVG the resulting SVG has removed marker elements. Is there a way to stop this from happening?

Example:
dex-unauthenticated

The raw image can be found here:
https://raw.githubusercontent.com/juju-solutions/bundle-kubeflow/1c76d8a0292f0a969f1ce416767ff3d5847508ca/docs/img/dex-unauthenticated.svg

1 Like

I guess we can add the <marker> element to the allowlist. I don’t see any attributes that affect security.

4 Likes

Thank you, filed a PR to have marker added to the allowlist when uploading an SVG.

3 Likes

For reference WebKit has had security problems with the marker element. The last issue was an RCE in December.

1 Like