[wp-trac] [WordPress Trac] #35395: Provide a better gateway for code-based theme customizations with the Customizer

WordPress Trac noreply at wordpress.org
Tue Jan 12 23:04:18 UTC 2016


#35395: Provide a better gateway for code-based theme customizations with the
Customizer
------------------------------+------------------
 Reporter:  celloexpressions  |       Owner:
     Type:  feature request   |      Status:  new
 Priority:  normal            |   Milestone:  4.5
Component:  Customize         |     Version:
 Severity:  normal            |  Resolution:
 Keywords:  needs-patch       |     Focuses:
------------------------------+------------------
Changes (by ocean90):

 * keywords:  has-patch => needs-patch


Comment:

 > We should absolutely sanitize the input.

 We have to validate and sanitize on input and output. Twenty Fifteen had
 stored unfiltered CSS, but it got removed; see #30409 for background.

 `wp_filter_nohtml_kses()`/`wp_strip_all_tags()` are not enough for this use
 case. For inspiration you should take a look at
 [https://make.wordpress.org/community/tag/jetpack-css-editor/ Remote CSS
 Plugin], source available at
 https://meta.trac.wordpress.org/browser/sites/trunk/wordcamp.org/public_html/wp-content/plugins/wordcamp-remote-css.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/35395#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

