I recently discovered an opportunity to address a potential security vulnerability.
We want to be able to use SVG files uploaded to Prismic inline so that we can style them with CSS.
But we also need to ensure the highest level of security is present for our users.
We are currently employing a custom script to clean the output of the uploaded SVG client-side. But it would be ideal to have the assurance that there are checks on the server side.
Alternatively, it would be excellent to be able to run custom scripts when media is uploaded - to optimize images, PDFs and the like. Then we would be empowered to clean the files ourselves.
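
For illustration, an allowlist-based SVG cleaner of the kind that could run server-side is sketched below. It is an added example, not part of the original post and not Prismic's code; the tag and attribute allowlists, the function names and the sample input are assumptions, chosen so that `class` and `id` survive for CSS styling while scripts, event handlers, `style` attributes and external references are dropped.

```python
import re
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_HREF = "{http://www.w3.org/1999/xlink}href"
ET.register_namespace("", SVG_NS)  # serialise as <svg>, not <ns0:svg>

# Assumed allowlists for simple icons; extend deliberately, never by default.
ALLOWED_TAGS = {"svg", "g", "defs", "title", "desc", "path", "rect", "circle", "ellipse",
                "line", "polyline", "polygon", "use", "linearGradient", "radialGradient", "stop"}
ALLOWED_ATTRS = {"id", "class", "viewBox", "width", "height", "x", "y", "x1", "y1", "x2", "y2",
                 "cx", "cy", "r", "rx", "ry", "d", "points", "transform", "fill", "stroke",
                 "stroke-width", "opacity", "offset", "stop-color", "href"}
SAFE_VALUE = re.compile(r"[\w\s.,#%()+-]*")  # no quotes, colons, slashes or backslashes
LOCAL_REF = re.compile(r"#[\w.-]+")          # href may only point inside the same document

def _clean(elem):
    for key in list(elem.attrib):
        value = elem.attrib.pop(key)
        name = "href" if key == XLINK_HREF else key  # normalise xlink:href to href
        if name not in ALLOWED_ATTRS:
            continue  # on* handlers, style, attributes in other namespaces
        if name == "href" and not LOCAL_REF.fullmatch(value):
            continue  # javascript:, data:, remote URLs
        if not SAFE_VALUE.fullmatch(value) or re.search(r"url\((?!#)", value, re.I):
            continue  # url() is only kept when it references a local #id
        elem.attrib[name] = value
    for child in list(elem):
        ns, _, local = child.tag.rpartition("}")
        if ns != "{" + SVG_NS or local not in ALLOWED_TAGS:
            elem.remove(child)  # drops the whole subtree (script, foreignObject, a, style)
        else:
            _clean(child)

def sanitize_svg(text: str) -> str:
    # Refuse DTDs outright so entity definitions never reach the parser.
    if re.search(r"<!(DOCTYPE|ENTITY)", text, re.I):
        raise ValueError("DTD not allowed in uploaded SVG")
    root = ET.fromstring(text)  # comments and processing instructions are discarded
    if root.tag != "{%s}svg" % SVG_NS:
        raise ValueError("root element is not <svg> in the SVG namespace")
    _clean(root)
    return ET.tostring(root, encoding="unicode")

# Constructed sample input, not taken from a real upload.
SAMPLE = """<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"
 viewBox="0 0 24 24" onload="alert(1)"><script>alert(1)</script>
 <foreignObject><iframe xmlns="http://www.w3.org/1999/xhtml" src="https://example.invalid/"/></foreignObject>
 <a xlink:href="javascript:alert(1)"><circle cx="5" cy="5" r="2"/></a>
 <path class="icon" d="M2 2L22 22" style="fill:red"/><use xlink:href="#shape"/></svg>"""

if __name__ == "__main__":
    print(sanitize_svg(SAMPLE))
```

Anything not on the allowlists is removed rather than repaired, so a legitimate file that uses an unlisted feature loses it visibly instead of passing through unchecked.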