I wanted to ask for it for some time.
I read that if possible I should use a logo in svg format. The vector images should remain crisp and clear at any resolution or size. I tried, however, the logo is only visible in IE. Chrome, MSEdge, FF, and Opera.
Could you please shed some light on the issue?
Long story short, Magento used to support SVG for logo formats. However, svg files can allow for code injections. Therefore the option was removed in the interest of security.
APPSEC-1673: Stored xss using svg images in Favicon: A Magento administrator with limited privileges can add new SVG images that contain injected code. - [Ref 1]
But I added my svg logo directly onto server. I didn’t use the admin panel.
From what I remember app/design/frontend/myStore/myTheme/web/images
The file name is logo.svg so the default luma logo should be replaced by the logo within this directory?
svg file formats don’t need to be set in Magento to be deemed “vulnerable”.
I can’t remember the Luma source file that you’d replace. You’ll have to do some digging there.
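A check for the kind of injected code the APPSEC-1673 note refers to, which applies equally to an SVG copied straight into a theme directory. This is an added example, not Magento code or part of the thread; the function name, the element and attribute lists, and both sample SVGs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Elements that can execute script or embed foreign documents inside an SVG.
# Heuristic list chosen for this example; it is a review aid, not a sanitizer.
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}
URL_ATTRS = {"href", "src"}

def local(name):
    """Strip an XML namespace: '{ns}tag' -> 'tag', lowercased."""
    return name.rsplit("}", 1)[-1].lower()

def find_active_content(svg_text):
    """Return findings for markup that a browser could run as script."""
    findings = []
    # For files from untrusted sources, parse with a hardened XML parser.
    root = ET.fromstring(svg_text)
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"element <{tag}>")
        for attr, value in el.attrib.items():
            name = local(attr)
            if name.startswith("on"):  # onload, onclick, onerror, ...
                findings.append(f"event handler {name} on <{tag}>")
            elif name in URL_ATTRS:
                # Browsers ignore whitespace inside the scheme, so remove it.
                url = "".join(value.split()).lower()
                if url.startswith(("javascript:", "data:text/html")):
                    findings.append(f"scripted URL in {name} on <{tag}>")
    return findings

# Constructed sample: a plain vector logo with no active content.
CLEAN_SVG = """<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">
  <circle cx="5" cy="5" r="4" fill="#f60"/>
</svg>"""

# Constructed sample: same format, but carrying inert placeholder script hooks.
SUSPECT_SVG = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" onload="void(0)">
  <script>/* placeholder */</script>
  <a xlink:href="javascript:void(0)"><rect width="10" height="10"/></a>
</svg>"""

if __name__ == "__main__":
    for label, svg in (("clean", CLEAN_SVG), ("suspect", SUSPECT_SVG)):
        print(label, find_active_content(svg))
```

An empty list means none of the listed constructs were found, not that the file is safe to serve.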
Thank you very much for the info. and good links
I’m not sure how bad the vulnerability is, but it’s worth knowing the reason behind its removal. Sorry, I couldn’t assist more.
You assisted enough. Thank you very much.