
sunnysideup/silverstripe-svg-images
===================================

Basic SVG Image support for Silverstripe (Assets/Uploads)

[Source](https://github.com/sunnysideup/silverstripe-svg-images) | [Packagist](https://packagist.org/packages/sunnysideup/silverstripe-svg-images) | [Docs](http://github.com/micschk/silverstripe-svg-images)

SVG Image support for Silverstripe (assets/uploads)
===================================================

This works as-is with any files added via the AssetAdmin and many\_many relations to 'File/Image(/SVGImage)'.

This module exposes the SVG template helpers/methods of the stevie-mayhew/silverstripe-svg module if that's installed (recommended by composer). See 'Usage'.

SVG Security
============

SVGs may expose *a lot* of possible attack vectors, most of which are widely known and unpatched. Basically you should consider SVG a browser-executable format comparable to HTML/JS, but with virtually no exploit protection built into browsers. In some circumstances, e.g. when parsing XML server-side, SVGs could also pose server-side risks like file inclusion (XML External Entity attack), fork bombs (Billion laughs) and probably dozens more. See 'Security considerations'.

As a general rule of thumb, only work with trusted SVGs (created & uploaded by trusted users). SVGs loaded through an img tag provide a bit more security (e.g. no script execution) than inline SVG code.

Installation
------------

Allow svg as an extension on 'File' in config.yml:

```
File:
  allowed_extensions:
    - svg

```

Next, add svg to the list of allowed extensions in the htaccess file in the assets folder.

Fresh codebases:
----------------

Best option is to resort to many\_manys with UploadField::setAllowedMaxFileNumber(1), since File/Upload tries to instantiate the relation's appointed classname for has\_ones and so will resort to Image instead of SVGImage.

OR simply tell the injector to use the SVGImage class instead of Image, see Yaml config below (falls back to Image class for regular images).

OR (probably undesirable) set the has\_one relation to 'SVGImage' subclass.

Options for existing codebases/sites (or modules):
--------------------------------------------------

You may simply change the relation to point to SVGImage class if possible (existing relations may have to be re-added?)

OR add the following config to have UploadFields for has\_one pointing to 'Image' load as SVGImage for .svg files (this is another approach than resorting to many\_manys, which may interfere with other modules like FocusedImage which also uses injector for Image):

```
Injector:
  Image:
    class: SVGImage
  Image_Cached:
    class: SVGImage_Cached
```

Allowing SVG in scaffolded UploadFields
---------------------------------------

Scaffolded UploadFields to 'Image' may need to be told to allow SVG images as well (currently fixed in master):

```
$field->setAllowedFileCategories('image');
```

It's also possible to temporarily hack the framework /Framework/model/fieldtypes/ForeignKey around line 33 to make scaffolded has\_one UploadFields for Image relations allow SVGs (temporarily because this is currently fixed in master).

```
    ...
    if($hasOneClass && singleton($hasOneClass) instanceof Image) {
        $field = new UploadField($relationName, $title);
        // CHANGE:
        //$field->getValidator()->setAllowedExtensions(array('jpg', 'jpeg', 'png', 'gif'));
        // TO:
        $field->setAllowedFileCategories('image');
    } else ...
```

Usage
-----

In a SilverStripe template simply treat as you would treat a normal image (minus the formatting/scaling functionality). For scaling/adding classes etc, this module integrates SVG template helpers (stevie-mayhew/silverstripe-svg module required).

```

{$Image.SVG_RAW_Inline}

 {$Image.SVG_RAW_Inline}  $Image.SetWidth(1200)
```

Additional helper functions for width, height, size, fill & adding extra classes are exposed by the '.SVG' method. (Requires additional module: [stevie-mayhew/silverstripe-svg](https://github.com/stevie-mayhew/silverstripe-svg))

```

{$Image.SVG}

{$Image.SVG.LimitID('ParticularID')}
```

```

{$Image.SVG.width(200)}

{$Image.SVG.height(200)}

{$Image.SVG.size(100,100)}

{$Image.SVG.fill('#FF9933')}

{$Image.SVG.extraClass('awesome-svg')}
```

These options are also chainable.

```
{$SVG('name').fill('#45FABD').width(200).height(100).extraClass('awesome-svg')}
```

Security considerations
-----------------------

Currently I don't know of any way to fully sanitize untrusted SVGs. Regular expressions are not suitable for the job and any PHP XML parsers are vulnerable to at least some attack vectors (like file inclusion). Here's a [thorough listing of known attack vectors](https://pypi.org/project/defusedxml/#php).

[DOMPurify](https://github.com/cure53/DOMPurify) is a browser/JS based library that seems to do a pretty good job (but it's JS/NodeJS, not PHP). PHP based libraries which provide some protection but use (possibly dangerous) XML parsing are [svg-sanitizer](https://github.com/darylldoyle/svg-sanitizer) & [SVG Sanitizer](https://github.com/alnorris/SVG-Sanitizer).
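
One way to enforce the "trusted SVGs only" rule at upload time is a conservative gate that rejects, rather than repairs, files carrying the constructs this README warns about (DTDs/entities, script). This is an added example, not code from this module or its authors; `svgUploadProblems()` and the sample input are hypothetical, and it assumes PHP 8 with the DOM extension.

```php
<?php
// Added example; svgUploadProblems() is a hypothetical helper, not module code.
function svgUploadProblems(string $svg): array
{
    // XXE and "billion laughs" both need a DTD, so refuse one with a plain
    // byte scan before any XML parser sees the input.
    if ($svg === '' || preg_match('/<!(DOCTYPE|ENTITY)/i', $svg)) {
        return ['empty input, or DTD/entity declaration present'];
    }
    $doc = new DOMDocument();
    $prev = libxml_use_internal_errors(true);
    // LIBXML_NONET blocks network fetches; LIBXML_NOENT and LIBXML_DTDLOAD
    // are deliberately not set.
    $ok = $doc->loadXML($svg, LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    // Re-check the doctype after parsing: an unusual input encoding can hide
    // "<!DOCTYPE" from the byte scan above.
    if (!$ok || $doc->doctype !== null
        || strtolower($doc->documentElement->localName) !== 'svg') {
        return ['not a plain, well-formed SVG document'];
    }
    $problems = [];
    $blocked = ['script', 'foreignobject', 'iframe', 'embed', 'object'];
    foreach ($doc->getElementsByTagName('*') as $el) {
        if (in_array(strtolower($el->localName), $blocked, true)) {
            $problems[] = "element <{$el->nodeName}>";
        }
        foreach ($el->attributes as $attr) {
            $name = strtolower($attr->localName);
            // Drop whitespace and control characters before checking the scheme.
            $value = strtolower(preg_replace('/[\s\x00-\x1f]+/', '', $attr->value));
            if (strpos($name, 'on') === 0) {
                $problems[] = "event handler attribute {$attr->nodeName}";
            } elseif (in_array($name, ['href', 'src'], true)
                && preg_match('/^(javascript|vbscript|data):/', $value)) {
                // Conservative: this also rejects embedded data: images.
                $problems[] = "active URL in {$attr->nodeName}";
            }
        }
    }
    return $problems;
}

// Constructed sample input, not a real upload.
$sample = '<svg xmlns="http://www.w3.org/2000/svg" onload="x()">'
        . '<script>x()</script><circle r="4"/></svg>';
print_r(svgUploadProblems($sample));
```

An empty result only means none of these constructs were found; it is a rejection filter, not a sanitizer, so the trusted-uploader rule above still applies.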

### SVG cropping & additional manipulations (to be added to this module)

Cropping can basically be done using viewBox, combined with svg width/height attr (all optional).

PHP SVG class (Imagemagick):

Simple rendering SVG>JPG/PNG:

PHP Cairo (PECL, not really an option):

PHP SVG Iconizr (CLI CSS/SVG/PNG sprite generator):

###  Release Activity

Cadence: every ~804 days

Total: 5

Last release: 461d ago

Major versions:

1.0 → 2.0.0 (2019-12-05)

2.0.1 → 3.0.0 (2021-04-01)

3.0.0 → 4.0.1 (2025-02-06)

### Community

Maintainers

Sunny Side Up ([@sunnysideup](https://github.com/sunnysideup))

Top Contributors

[micschk](https://github.com/micschk) (10 commits), [tristan-mastrodicasa](https://github.com/tristan-mastrodicasa) (4 commits), [sunnysideup](https://github.com/sunnysideup) (3 commits), [kdanilewicz](https://github.com/kdanilewicz) (1 commits), [LABCAT](https://github.com/LABCAT) (1 commits), [balazsbohonyi](https://github.com/balazsbohonyi) (1 commits), [straathof](https://github.com/straathof) (1 commits)

