#33586 htaccessmaker disable inline JavaScript when directly opening SVG files

Posted in ‘Admin Tools for Joomla! 4 & 5’

Latest post by on Saturday, 26 September 2020 01:17 CDT

wynchcote

Hi,

Yesterday I updated sites following the release of Joomla 3.9.21.

There was a Post Installation Message (see image) which recommended adding a script to the .HTACCESS file.

Purpose of the script: to disable inline JavaScript when directly opening SVG files or embedding them with the object-tag.

I have just checked the HTACCESS file created using HTACCESSMAKER and cannot see that such a script already exists.

When I check the HTACCESSMAKER settings screen in ADMIN TOOLS, I cannot see an option to add such a script.

Is the script needed if a website is protected by Admin Tools?

Do you recommend adding the script using the fields in HTACCESSMAKER settings screen, if yes, which field?

Will the next release of Admin Tools include the script recommended by Joomla! Project?

Many thanks,

Ken :)

tampe125
Akeeba Staff

Hello,

That's not really needed, unless you are allowing arbitrary uploads of SVG files which can be used by untrusted people to create embed objects in HTML. For the record, Joomla 3 does not allow uploading SVG files unless you explicitly tell it so.

If you really need such a rule, you can always add it as a custom rule in the Htaccess Maker page.

Finally, we are not including this because Joomla 4 already has Content Security Policy management and including that code in .htaccess might result in an invalid CSP for the site with indeterminate results.

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
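
For reference, one form such a custom rule could take. This is an added example, not text from the ticket, from Akeeba, or quoted from the Joomla! message; it assumes Apache with mod_headers enabled, and the case-insensitive match is a choice made here.

```apache
# Added example: a custom .htaccess rule of the kind discussed above.
# Assumes Apache with mod_headers; without it the block is skipped.
<IfModule mod_headers.c>
    # Match only files whose name ends in .svg (case-insensitive),
    # so no other response on the site receives this header.
    <FilesMatch "(?i)\.svg$">
        # Forbid all script execution in the SVG document when it is
        # opened directly or embedded with the object tag.
        Header always set Content-Security-Policy "script-src 'none'"
    </FilesMatch>
</IfModule>
```

After saving, the response headers for an .svg URL should include the Content-Security-Policy line, and the headers for ordinary pages should be unchanged by this rule.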

wynchcote

OK Davide,

Thanks for your very quick reply to my query.

Best wishes,

Ken :)

tampe125
Akeeba Staff

You're welcome!

