FIX: whitelist 'feGaussianBlur' and 'filter' svg elements

FIX: whitelist ‘feGaussianBlur’ and ‘filter’ svg elements

diff --git a/lib/upload_creator.rb b/lib/upload_creator.rb
index 6d54ad0..de20743 100644
--- a/lib/upload_creator.rb
+++ b/lib/upload_creator.rb
@@ -6,8 +6,9 @@ class UploadCreator
   TYPES_TO_CROP ||= %w{avatar card_background custom_emoji profile_background}.each(&:freeze)
 
   WHITELISTED_SVG_ELEMENTS ||= %w{
-    circle clippath defs ellipse g line linearGradient path polygon polyline
-    radialGradient rect stop style svg text textpath tref tspan use
+    circle clippath defs ellipse feGaussianBlur filter g line linearGradient
+    path polygon polyline radialGradient rect stop style svg text textpath
+    tref tspan use
   }.each(&:freeze)
 
   # Available options

GitHub sha: 2b721dff

This commit has been mentioned on Discourse Meta. There might be relevant details there:

This commit has been mentioned on Discourse Meta. There might be relevant details there:

@nbianca is going to followup here soon and replace our html sanitizer.

2 Likes