Conversation
Add image-meta dependency and use it in the Sharp image service to detect input formats early. Special-case SVGs: SVG sources are blocked by default and will throw unless image.dangerouslyAllowSVG is enabled. Update ASTRO_CONFIG_DEFAULTS and schema to include dangerouslyAllowSVG (default false) and add the corresponding type docs to the public config. Also add a safe fallback to return the original buffer if format detection fails.
🦋 Changeset detectedLatest commit: ab3bb9d The changes in this PR will be included in the next version bump. Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
github-actions
Bot
added
pkg: astro
e18e dependency analysisNo dependency warnings found. |
Princesseuh
changed the title
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
delucis
left a comment
delucis
left a comment
There was a problem hiding this comment.
Code changes look fine — just left a thought about the flag naming.
| * This is disabled by default because SVG files can contain scripts and other active content. | ||
| * Enable this option only if you trust your SVG sources. | ||
| */ | ||
| dangerouslyAllowSVG?: boolean; |
There was a problem hiding this comment.
Bikeshed, but maybe this should be dangerouslyProcessSVG or dangerouslyRasterizeSVG? When this isn’t set users can still use SVGs right? It just doesn’t rasterize/process them in any way?
(Also could maybe be enabled by default in static sites where there’s no risk? But that might be confusing.)
There was a problem hiding this comment.
dangerouslyProcessSVG sounds great to me and would work if we ever enable sharp's SVG support
delucis
left a comment
delucis
left a comment
There was a problem hiding this comment.
Hah, I thought that sounded funny. OK, that change aligns more with what I’d understood 👍
4 participants
Changes
SVGs are always troublesome in the end and wanting to actually process them is so uncommon that it's best to leave it to the user.
I decided to put it on a global image option so that other services could also use it, but I'd be okay with it being a service config as well, it's ok
Testing
Added a test
Docs
WIP