=== SVG Upload Support ===
Contributors: snehalpancholi
Tags: svg, upload, media, sanitize, security
Requires at least: 6.0
Tested up to: 6.7
Requires PHP: 8.1
Stable tag: 1.0.0
License: GPL-2.0+
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Allow trusted user roles to upload SVG files with automatic sanitization to remove scripts and unsafe elements.

== Description ==

SVG Upload Support gives WordPress administrators control over who can upload SVG files and ensures every uploaded SVG is automatically sanitized before it is stored — removing scripts, event handlers, javascript: URIs, and other potential attack vectors.

**Features:**

* Role-based SVG upload permission — choose exactly which roles can upload SVGs
* Automatic sanitization on every upload (removes scripts, event attributes, iframes, foreign objects, and javascript: URIs)
* SVG preview in the Media Library grid
* DOMDocument-based parser — handles malformed SVGs gracefully
* Settings under Settings → SVG Upload Support
* Automatic updates from AddonLogic update server

**Security measures:**

* Strips `<script>` elements
* Removes all `on*` event handler attributes
* Removes `javascript:` and `data:text/html` URI schemes
* Removes `<iframe>`, `<object>`, `<embed>`, `<foreignObject>` elements
* Removes PHP processing instructions
* Strips CSS `expression()` values from style attributes

== Installation ==

1. Upload the `svg-upload-support` folder to `/wp-content/plugins/`
2. Activate the plugin through the **Plugins** menu
3. Configure allowed roles at **Settings → SVG Upload Support**

== Frequently Asked Questions ==

= Can I allow Authors to upload SVGs? =
Yes. Enable the Author role on the settings page. Only roles you explicitly check will be permitted.

= Is sanitization mandatory? =
No, but it is strongly recommended. Unclean SVGs can carry XSS payloads. The sanitize option is enabled by default.

= Does this fix the SVG thumbnail issue in the Media Library? =
Yes. The plugin provides SVG file URLs as the preview image source, so SVGs appear as images rather than broken thumbnails.

= Will my theme render SVGs? =
SVGs uploaded via this plugin are stored as standard WordPress media attachments and can be used anywhere a regular image can — in content, featured image slots, and widgets.

== Changelog ==

= 1.0.0 =
* Initial release.

== Screenshots ==

1. Settings page — role selection and sanitization options.
2. SVG files visible as thumbnails in the Media Library grid.
