@richaber
Created October 12, 2017 21:06
Don't try adding SVG support to WordPress yourself

Don't do this:

```php
/**
 * Enable SVG mime types.
 *
 * @param array $mimes Current allowed mime types.
 * @return array Updated allowed mime types.
 */
function prfx_custom_mime_types( $mimes ) {
	$mimes['svg']  = 'image/svg+xml';
	$mimes['svgz'] = 'image/svg+xml';
	return $mimes;
}

add_filter( 'upload_mimes', 'prfx_custom_mime_types' );
```

Why not? Because SVG files are dangerous. They are XML documents, so they can carry script (`<script>` elements, event-handler attributes such as `onload`, `javascript:` links), and a file that can be scripted can be used for XSS: once it is in the Media Library it is served from your own domain, so that script runs in the context of your site whenever the SVG is opened directly or embedded inline.
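To make the "can be scripted" point concrete from the defender's side, here is an added Python checker (not part of the original gist, and not the Safe SVG plugin's code) that walks an SVG document and reports the constructs that turn an image into active content: `<script>` and `<foreignObject>` elements, `on*` event-handler attributes, and `href`/`xlink:href` values that point at `javascript:`, `data:` or remote URLs. The two sample documents are constructed for the example. A check like this only shows what a sanitizer has to deal with; it is not a substitute for one.

```python
"""Report active content in an SVG document (added example; constructed input)."""
from __future__ import annotations

import xml.etree.ElementTree as ET

# Refuse oversized documents before handing them to the XML parser.
MAX_SVG_BYTES = 1_000_000

# Elements that execute script or embed arbitrary HTML inside an SVG.
ACTIVE_ELEMENTS = {"script", "foreignobject"}

# href targets that execute script or pull in content from elsewhere.
ACTIVE_SCHEMES = ("javascript:", "data:", "http:", "https:", "//")


def _local(qname: str) -> str:
    """Strip an ElementTree namespace prefix: '{ns}script' -> 'script'."""
    return qname.rsplit("}", 1)[-1].lower()


def find_active_content(svg_text: str) -> list[str]:
    """Return a list of findings; an empty list means nothing active was seen."""
    if len(svg_text.encode("utf-8")) > MAX_SVG_BYTES:
        return ["document exceeds size limit"]
    try:
        # ElementTree's default parser drops comments and processing
        # instructions and does not fetch external entities.
        root = ET.fromstring(svg_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]

    findings: list[str] = []
    for elem in root.iter():
        if not isinstance(elem.tag, str):  # defensive: non-element nodes
            continue
        tag = _local(elem.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"<{tag}> element")
        for attr, value in elem.attrib.items():
            name = _local(attr)  # 'xlink:href' and 'href' both become 'href'
            if name.startswith("on"):
                findings.append(f"event handler '{name}' on <{tag}>")
            elif name == "href":
                # Collapse whitespace so 'java\nscript:' spellings still match.
                target = "".join(value.split()).lower()
                if target.startswith(ACTIVE_SCHEMES):
                    findings.append(f"href to '{target[:20]}' on <{tag}>")
    return findings


def is_passive_svg(svg_text: str) -> bool:
    """True when the document contains none of the constructs above."""
    return not find_active_content(svg_text)


# Constructed sample: a plain icon with nothing executable.
BENIGN_SVG = """<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16">
  <circle cx="8" cy="8" r="6" fill="#369"/>
</svg>"""

# Constructed sample: the same kind of file with a handler, a script element
# and a javascript: link whose scheme is split by a character reference.
SCRIPTED_SVG = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" onload="run()">
  <script>run()</script>
  <a xlink:href="java&#10;script:run()"><text x="2" y="12">click</text></a>
</svg>"""


if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_SVG), ("scripted", SCRIPTED_SVG)):
        print(label, "->", find_active_content(doc) or "nothing active")
```

Run it as a script and the benign icon reports nothing, while the scripted file produces three findings (the `onload` handler, the `<script>` element and the `javascript:` link). Note what the whitespace-collapsing step is for: a naive `startswith("javascript:")` on the raw attribute value would miss the split scheme, which is exactly the kind of gap an upload filter that only checks file extensions never even gets to.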

Read Mario Heiderich's presentation "Active Content Injection with SVG Files" (PDF): https://www.owasp.org/images/0/03/Mario_Heiderich_OWASP_Sweden_The_image_that_called_me.pdf

Here is a long-running Core Trac discussion about allowing SVG support, and why it still isn't supported (because of very real and valid security concerns): https://core.trac.wordpress.org/ticket/24251

Here is an excellent article on adding SVGs to WordPress, and why you shouldn't: https://www.bjornjohansen.no/svg-in-wordpress

The issue is also touched upon here: https://kinsta.com/blog/wordpress-svg/

The only solution I would advise, until either Core provides direct support or a better solution becomes available, is to use the Safe SVG plugin: https://wordpress.org/plugins/safe-svg/
