[wp-trac] [WordPress Trac] #37085: $allowedposttags doesn't allow form inputs
WordPress Trac
noreply at wordpress.org
Mon Feb 20 09:00:25 UTC 2017
#37085: $allowedposttags doesn't allow form inputs
-------------------------------------------+-----------------------------
Reporter: wido                             | Owner:
Type: defect (bug)                         | Status: new
Priority: normal                           | Milestone: Future Release
Component: Formatting                      | Version:
Severity: normal                           | Resolution:
Keywords: needs-patch reporter-feedback    | Focuses:
-------------------------------------------+-----------------------------
Changes (by wido):
* keywords: needs-patch => needs-patch reporter-feedback
Comment:
I made this little function but need more research about all of the
allowed attributes.
Also, it seems the '''form''' tag is missing the 'novalidate' attribute, but
I want to read the specs about it.
{{{
/**
 * Sanitize content for allowed HTML tags for post content.
 *
 * Post content refers to the page contents of the 'post' type and not $_POST
 * data from forms.
 *
 * @param string $data Post content to filter
 *
 * @return string Filtered post content with allowed HTML tags and attributes intact.
 */
function kses_post($data)
{
    global $allowedposttags;

    // Extend the core allowlist with the 'input' tag and its permitted attributes.
    $tagsInputIncluded = array_merge($allowedposttags, [
        'input' => [
            'accept'       => true,
            'autocomplete' => true,
            'autofocus'    => true,
            'checked'      => true,
            'class'        => true,
            'disabled'     => true,
            'id'           => true,
            'height'       => true,
            'min'          => true,
            'max'          => true,
            'minlength'    => true,
            'maxlength'    => true,
            'name'         => true,
            'pattern'      => true,
            'placeholder'  => true,
            'readonly'     => true,
            'required'     => true,
            'size'         => true,
            'src'          => true,
            'step'         => true,
            'type'         => true,
            'value'        => true,
            'width'        => true,
        ],
    ]);

    // Form attributes.
    $tagsInputIncluded['form'] = array_merge($tagsInputIncluded['form'], ['novalidate' => true]);

    // Anything not in the extended allowlist is stripped by wp_kses().
    return wp_kses($data, $tagsInputIncluded);
}
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/37085#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform