Devs! Try out Prismic's new onboarding and get $50 on us! 🎁Apply Now
Prismic Announcements
·2 min read

Changes to how we handle SVG's

We have recently disabled the use of SVGs with the Imgix integration. The reasoning behind this is because of security vulnerabilities with SVGs, in that they can be injected with JS which could cause malicious behavior on your websites. Another reason for this decision is because the Imgix query parameters have no effect on SVGs.

So from now on SVGs will be treated as files rather than images and because of this they will not be delivered from the the domain images.prismic, they will now come from our Amazon servers. The Team thought this change would not result in any breaking changes, but one case we didn’t foresee was people currently with SVGs and query params who update their documents and this is why we didn't communicate this earlier. This is our bad and we should have been more thorough in our testing.

We realize this causes a huge headache for some users. We are trying to perform checks to see how many users may have been affected. We can only apologize about this and promise that we are putting in place processes so that this doesn’t happen again.

What does this mean for you in practical terms?
For any pages that were using SVGs that you want to update, you will need either replace your SVGs with another image format or create a workaround in your web application that checks which server the URL string is coming from and does not apply query params based off of that. Like so...

function modifyImageUrl(imageUrl) {
  function includesMatch(lookupValue, urlString) {
    const re = new RegExp(lookupValue, 'i');
    return urlString.match(re) !== null;
  }
  if (includesMatch("images.prismic", imageUrl)) {
	return `${imageUrl}&h=60&dpr=2`;
  }
  return imageUrl;
}
const imageUrl = modifyImageUrl(document.data.imageField.url)

We know that this sucks and realize that this may be short notice for some users, but we are working hard to make sure nothing like this will happen again.

Article written by

Phil Snow

One of the education team, who lives the phrase "every day is a school day".

More posts

Join the discussion

Hit your website goals

Websites success stories from the Prismic Community

How Arcadia is Telling a Consistent Brand Story

Read Case Study

How Evri Cut their Time to Ship

Read Case Study

How Pallyy Grew Daily Visitors from 500 to 10,000

Read Case Study