[wp-trac] [WordPress Trac] #30421: Add ARIA attributes to globally permitted HTML attributes in kses

WordPress Trac noreply at wordpress.org
Wed Oct 21 17:20:20 UTC 2015


#30421: Add ARIA attributes to globally permitted HTML attributes in kses
-------------------------------------+-------------------------------------
 Reporter:  jwenerd                  |       Owner:  jorbin
     Type:  enhancement              |      Status:  assigned
 Priority:  normal                   |   Milestone:  Future Release
Component:  Formatting               |     Version:
 Severity:  normal                   |  Resolution:
 Keywords:  kses needs-patch needs-  |     Focuses:  accessibility,
  unit-tests early                   |  administration
-------------------------------------+-------------------------------------

Comment (by miqrogroove):

 Replying to [comment:15 jorbin]:
 > Punting.  Someone still needs to do some research to show that aria
 > attributes can't be used to create security issues (yes, I know proving a
 > negative is hard)

 For the record, our standard for entry is significantly higher than that.
 The KSES whitelist is used to allow only the elements and attributes that
 should be used in anonymous comments {{{$allowedtags}}} or in non-
 administrative posts by contributors {{{$allowedposttags}}}.

 In addition to safety, we need a convincing argument that a proposed entry
 is needed for one of those author groups.

 For the proposed ARIA feature, specifically, I see no reason why this
 would ever be used in anonymous comments.  It is neither needed nor
 desirable in most situations.  According to the ticket description "This
 would be helpful so that users without the unfiltered_html capability
 could use ARIA within their content. I can do this with a plugin."  I
 would like to know in what situation is this actually useful?  Who has
 non-admin contributors that are trying to use ARIA?  Is a plugin not
 adequate for those who need this feature?

--
Ticket URL: <https://core.trac.wordpress.org/ticket/30421#comment:16>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
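
An added example, not code from the ticket or from WordPress core, of the plugin route the ticket description mentions: it uses the `wp_kses_allowed_html` filter to permit a short, constructed list of ARIA attributes in the `post` context only, so the allowlist applied to comments stays unchanged. The plugin name, function name and constant are hypothetical.

```php
<?php
/**
 * Plugin Name: Scoped ARIA allowlist (hypothetical example plugin)
 */

// Constructed list: a short, explicit set of attributes rather than a
// wildcard over every aria-* name, so each entry can be reviewed.
const EXAMPLE_ARIA_ATTRS = array(
    'aria-label',
    'aria-labelledby',
    'aria-describedby',
    'aria-hidden',
);

/**
 * Extend the KSES allowlist for post content only.
 *
 * @param array|string $allowed Allowed tags and attributes for this context.
 * @param string|array $context KSES context; 'post' selects $allowedposttags.
 * @return array|string The allowlist, extended only when the context is 'post'.
 */
function example_allow_aria_in_posts( $allowed, $context ) {
    // Any other context (including comment content, which falls back to
    // $allowedtags) is returned untouched.
    if ( 'post' !== $context || ! is_array( $allowed ) ) {
        return $allowed;
    }

    foreach ( $allowed as $tag => $attrs ) {
        if ( ! is_array( $attrs ) ) {
            continue; // Skip entries that carry no attribute list.
        }
        foreach ( EXAMPLE_ARIA_ATTRS as $attr ) {
            $allowed[ $tag ][ $attr ] = true;
        }
    }

    return $allowed;
}
add_filter( 'wp_kses_allowed_html', 'example_allow_aria_in_posts', 10, 2 );
```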

