[wp-trac] [WordPress Trac] #44044: $allowed_tags and $allowed_protocols in wp_privacy_generate_personal_data_export_group_html not filterable.
WordPress Trac
noreply at wordpress.org
Fri Jun 22 20:04:01 UTC 2018
#44044: $allowed_tags and $allowed_protocols in
wp_privacy_generate_personal_data_export_group_html not filterable.
------------------------------------------+---------------------
Reporter: TZ Media | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 4.9.8
Component: Privacy | Version: 4.9.6
Severity: normal | Resolution:
Keywords: gdpr has-patch needs-testing | Focuses:
------------------------------------------+---------------------
Comment (by desrosj):
@TZ Media good catch on this. I am wondering if massaging this to use
`wp_kses_allowed_html()` and `wp_allowed_protocols()` is a better approach
than introducing two new filters.
I think the the `$allowedtags` list in `wp_kses_allowed_html()` is a
pretty basic list we may be able to utilize. Allowing basic formatting
tags could potentially open the door for plugins to style the export
files, and these tags could indicate important structural aspects of the
data (`acronym`, `cite`, or `abbr`, for example) and may be better left in
the export.
Incoming patch with this approach for thoughts and testing.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/44044#comment:7>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list