[wp-trac] [WordPress Trac] #12394: kses removes valid attribute from xhtml elements
WordPress Trac
wp-trac at lists.automattic.com
Fri Feb 26 21:17:33 UTC 2010
#12394: kses removes valid attribute from xhtml elements
--------------------------+-------------------------------------------------
Reporter: dougal | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 3.0
Component: Formatting | Version:
Severity: normal | Keywords: has-patch, tested, kses, xhtml, html
--------------------------+-------------------------------------------------
There is an edge-case which can cause kses to discard the last attribute
of an empty XHTML element, if the closing slash is not preceded by a
space.
Example:
input = `<img src='foo.jpg' bogus='disallowed attr' alt='my image'/>`
output = `<img src='foo.jpg'/>`
expected = `<img src='foo.jpg' alt='my image'/>`
The problem is that kses assumes that the closing slash on an XHTML
element will always be preceded by a space. While the space is recommended
for backwards compatibility with HTML4, it is not strictly required.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/12394>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list