Logo SVG format - logo not showing in most of browsers

I wanted to ask for it for some time.

I read that if possible I should use logo in svg format. The vector images should remain crisp and clear at any resolution or size. I tied, however, the logo is only visible in IE. Chrome, MSEdge, FF, and Opera.

Could you please shed some light on the issue?
Thank you.

Long story short, Magento used to support SVG for logo formats. However, svg files can allow for code injections. Therefore the option was removed in the interest of security.

APPSEC-1673: Stored xss using svg images in Favicon: A Magento administrator with limited privileges can add new SVG images that contain injected code. - [Ref 1]

The danger of an SVG file comes from the fact that it’s an XML that can have embedded CSS and JavaScript. The web browser will automatically run any JavaScript embedded in an SVG file. Therefore, if the script contains malicious code, it will place the user’s computer at risk. - [Ref 2]


1 Like

But I added my svg logo directly onto server. I didn’t use the admin pannel.

From what I remember app/design/frontend/myStore/myTheme/web/images

The file name is logo.svg so the default luma logo should be replaced by the logo within this directory?

svg file formats don’t need to be set in Magento to be deemed “vulnerable”.

I can’t remember the Luma source file that you’d replace. You’ll have to do some digging there.

Thank you very much for the info. and good links :slight_smile:

I’m not sure how bad the vulnerability is, but it’s worth knowing the reason behind its removal. Sorry, I couldn’t assist more.

1 Like

You assisted enough. Thank you very much.

1 Like

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.