WC_Helper_Sanitization::wc_kses_safe_svg_tags() — public static — WC 1.0

Add limited SVG support to wp_kses_post with XSS protection.

Method of the class: WC_Helper_Sanitization{}

No Hooks.

Returns

Array. Array of allowed SVG tags and their attributes.

Usage

$result = WC_Helper_Sanitization::wc_kses_safe_svg_tags();

WC_Helper_Sanitization::wc_kses_safe_svg_tags() code WC 10.3.3

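/**
 * Build the allowlist of SVG elements and attributes passed to wp_kses().
 *
 * The list is deny-by-default: an element or attribute that is not a key here
 * is stripped. Event handlers (on*), `style`, `use` and `mask` are therefore
 * excluded by leaving them out, not by listing them with a `false` value.
 *
 * @return array Array of allowed SVG tags and their attributes.
 */
public static function wc_kses_safe_svg_tags() {
	// wp_kses() lowercases element and attribute names before looking them up,
	// so mixed-case SVG names are registered in lowercase too. The original-case
	// keys are kept for callers that read this array directly.
	$linear_gradient_attrs = array(
		'id'            => true,
		'x1'            => true,
		'y1'            => true,
		'x2'            => true,
		'y2'            => true,
		'gradientUnits' => true,
		'gradientunits' => true,
	);
	$radial_gradient_attrs = array(
		'id'            => true,
		'cx'            => true,
		'cy'            => true,
		'r'             => true,
		'gradientUnits' => true,
		'gradientunits' => true,
	);

	// SVG elements and attributes - security focused.
	return array(
		'svg'            => array(
			'class'               => true,
			'aria-hidden'         => true,
			'aria-labelledby'     => true,
			'role'                => true,
			'xmlns'               => true,
			'width'               => true,
			'height'              => true,
			'viewbox'             => true,
			'viewBox'             => true,
			'preserveAspectRatio' => true,
			'preserveaspectratio' => true,
			'fill'                => true,
			'stroke'              => true,
			'stroke-width'        => true,
			'stroke-linecap'      => true,
			'stroke-linejoin'     => true,
			// Event handlers such as onload/onclick are deliberately NOT listed.
			// NOTE(review): wp_kses() tests attribute keys with isset(), which is
			// also true for a `false` value, so a `'onload' => false` entry is not
			// a reliable deny rule - confirm against the WordPress version in use.
		),
		'g'              => array(
			'fill'      => true,
			'transform' => true,
			'stroke'    => true,
		),
		'title'          => array(
			'title' => true,
		),
		'path'           => array(
			'd'               => true,
			'fill'            => true,
			'transform'       => true,
			'stroke'          => true,
			'stroke-width'    => true,
			'stroke-linecap'  => true,
			'stroke-linejoin' => true,
		),
		'polyline'       => array(
			'points'       => true,
			'fill'         => true,
			'stroke'       => true,
			'stroke-width' => true,
		),
		'polygon'        => array(
			'points'       => true,
			'fill'         => true,
			'stroke'       => true,
			'stroke-width' => true,
		),
		'circle'         => array(
			'cx'           => true,
			'cy'           => true,
			'r'            => true,
			'fill'         => true,
			'stroke'       => true,
			'stroke-width' => true,
		),
		'rect'           => array(
			'x'            => true,
			'y'            => true,
			'width'        => true,
			'height'       => true,
			'fill'         => true,
			'stroke'       => true,
			'stroke-width' => true,
			'rx'           => true,
			'ry'           => true,
		),
		'line'           => array(
			'x1'           => true,
			'y1'           => true,
			'x2'           => true,
			'y2'           => true,
			'stroke'       => true,
			'stroke-width' => true,
		),
		'defs'           => array(),
		'linearGradient' => $linear_gradient_attrs,
		'lineargradient' => $linear_gradient_attrs,
		'radialGradient' => $radial_gradient_attrs,
		'radialgradient' => $radial_gradient_attrs,
		'stop'           => array(
			'offset'       => true,
			'stop-color'   => true,
			'stop-opacity' => true,
			// `style` is deliberately NOT listed: it can carry active content,
			// and omission is what makes wp_kses() strip it.
		),
		// Removed potentially risky elements.
		// 'use' - can reference external content.
		// 'mask' - not commonly needed and adds complexity.
	);
}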