The Prismic blog Product announcements, news, and thoughts on content management & software development from the Prismic team

Writing Room

September 11,2020

Changes to how we handle SVG's

We have recently disabled the use of SVGs with the Imgix integration. The reasoning behind this is because of security vulnerabilities with SVGs, in that they can be injected with JS which could cause malicious behavior on your websites. Another reason for this decision is because the Imgix query parameters have no effect on SVGs. So from now on SVGs will be treated as files rather than images and because of this they will not be delivered from the the domain images.prismic, they will now come from our Amazon servers. The Team thought this change would not result in any breaking changes, but one case we didn’t foresee was people currently with SVGs and query params who update their documents and this is why we didn't communicate this earlier. This is our bad and we should have been more thorough in our testing.

By Phil Snow