[wp-trac] [WordPress Trac] #27858: Bug HTML onmouseover and onmouseout
WordPress Trac
noreply at wordpress.org
Fri Aug 1 18:44:04 UTC 2014
#27858: Bug HTML onmouseover and onmouseout
--------------------------+-------------------------
Reporter: TTBoS | Owner:
Type: defect (bug) | Status: reopened
Priority: normal | Milestone: 4.0
Component: TinyMCE | Version: 3.9
Severity: normal | Resolution:
Keywords: | Focuses: javascript
--------------------------+-------------------------
Comment (by azaozz):
Considering the security aspect, I'm starting to think this should be a
"plugin material". Two reasons:
- These attributes are currently disabled (in 3.9).
- Legitimate uses seem very rare.
I've only heard of two user cases:
- Rollover images that can probably be done from CSS or from a dedicated
plugin that handles the `onmouseover` storing/restoring on
`editor.on('getContent', ...)`.
- Capture clicks on links for SEO that should probably be handled
"globally" from a dedicated script.
> I wonder if there's something that could also be done upstream to make
this less "kudgy" on our end.
Yeah, talked to the TinyMCE developers about that too. There is a private
method in MCE that can add more "valid attributes" to the schema, would
take some work to make it into a public method. Seems it would be worth
it, will submit a patch.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/27858#comment:21>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list