Title: filter working code example + disallowed risk reference
Last modified: July 30, 2019

---

# filter working code example + disallowed risk reference

 *  Resolved [Yggy](https://wordpress.org/support/users/yggydrasil/)
 * (@yggydrasil)
 * [6 years, 10 months ago](https://wordpress.org/support/topic/filter-working-code-example-disallowed-risk-reference/)
 * Hi,
    We use Safe SVG to make svg possible in a site with `<object>` tags, currently
   in development on our internal network. `<object data="/wp-content/uploads/2019/
   07/wheel.svg"></object>`
 * Our svg uses anchor links to other parts of our site, Illustrator default uses
   xlink:href tags.
    `<a xlink:href="#anchor">` When those links are used, the object
   is seen as an iframe and will load the content of the link inside the object 
   space. To resolve that I edited the svg after output of Illustrator. Changed 
   xlink:href to href (since it will be deprecated in future version of svg) and
   added `target="_top"` to open the link outside of the object. But the target 
   attribute gets sanitized out of the svg by Safe SVG.
 * According to your faq, you can allow attributes and tags with svg_allowed_attributes
   and svg_allowed_tags filters.
    I know the code has to be put inside the functions.
   php of the used (child)theme, but I have no clue what to code in the `// Do what
   you want here...` part.
 * Currently I edited `/wp-content/plugins/safe-svg/lib/vendor/enshrined/svg-sanitize/
   src/data/AllowedAttributes.php` to allow the target attribute due to lack of 
   knowledge of using the filter. Not wise with future version updates, but it works
   for the moment.
 * My questions:
    - Can you perhaps show a complete working code example of allowing the target
      attribute?
    - Do you perhaps have a reference of the disallowed tags and attributes with
      the related risks when allowed?
 * Kind regards,
    Yggy

Viewing 2 replies - 1 through 2 (of 2 total)

 *  Plugin Contributor [Daryll Doyle](https://wordpress.org/support/users/enshrined/)
 * (@enshrined)
 * [6 years, 10 months ago](https://wordpress.org/support/topic/filter-working-code-example-disallowed-risk-reference/#post-11782683)
 * Hi [@yggydrasil](https://wordpress.org/support/users/yggydrasil/),
 * I’ve just updated the readme with better documentation of how to use these filters.
   Basically, it has to return an array and therefore as long as you return an array,
   there will be no issue.
 *     ```
       add_filter( 'svg_allowed_attributes', function ( $attributes ) {
   
           // Do what you want here...
   
           // This should return an array so add your attributes to
           // to the $attributes array before returning it. E.G.
   
           $attributes[] = 'target'; // This would allow the target="" attribute.
   
           return $attributes;
       } );
       ```
   
 * This will enable your target attribute.
 * In regards to the disallowed tags, that’s not something I keep track of, outside
   of the sanitiser repository and my local notes. If you’d like to see the allowed
   tags, feel free to dive into the code where you’ll find them.
 * Regards,
    Daryll
    -  This reply was modified 6 years, 10 months ago by [Daryll Doyle](https://wordpress.org/support/users/enshrined/).
 *  Thread Starter [Yggy](https://wordpress.org/support/users/yggydrasil/)
 * (@yggydrasil)
 * [6 years, 10 months ago](https://wordpress.org/support/topic/filter-working-code-example-disallowed-risk-reference/#post-11783188)
 * Hi Daryll,
 * Thank you for updating the FAQ and add a working code example here!
 * The allowed tags and attributes were easily found in the code, where I did the
   edit myself. Regarding the reference it was more why the current disallowed tags
   and attributes are a risk.
 * Like for the target attribute I couldn’t find (search parameters for) resources
   why it is a risk. I assume you did research which to allow and which to disallow.
   Reason why I asked. 😉
 * Anyway, thanks.
 * Kind regards,
    Yggy

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘filter working code example + disallowed risk reference’ is closed to
new replies.

 * ![](https://ps.w.org/safe-svg/assets/icon.svg?rev=2779013)
 * [Safe SVG](https://wordpress.org/plugins/safe-svg/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/safe-svg/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/safe-svg/)
 * [Active Topics](https://wordpress.org/support/plugin/safe-svg/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/safe-svg/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/safe-svg/reviews/)

 * 2 replies
 * 2 participants
 * Last reply from: [Yggy](https://wordpress.org/support/users/yggydrasil/)
 * Last activity: [6 years, 10 months ago](https://wordpress.org/support/topic/filter-working-code-example-disallowed-risk-reference/#post-11783188)
 * Status: resolved