[wp-trac] [WordPress Trac] #45067: Add CSS URL sanitization to kses.

WordPress Trac noreply at wordpress.org
Tue Oct 9 01:17:56 UTC 2018

#45067: Add CSS URL sanitization to kses.
 Reporter:  peterwilsoncc  |      Owner:  (none)
     Type:  enhancement    |     Status:  new
 Priority:  normal         |  Milestone:  5.0
Component:  Editor         |    Version:
 Severity:  normal         |   Keywords:  needs-patch
  Focuses:                 |

 Kses allows author and contributor level users to add images via HTML,
 passing the sources through some error checking and sanitization.

 Neither authors nor contributors can add background images via CSS as any
 style attributes containing brackets (and several other characters) are
 stripped out.

 Basic CSS sanitization for URLs needs to be added to allow unprivileged
 users to use the cover image block in the new editor.

 Related to [https://github.com/WordPress/gutenberg/issues/2539 Gutenberg
 issue 2539].

Ticket URL: <https://core.trac.wordpress.org/ticket/45067>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
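
A minimal PHP sketch of the kind of check the ticket asks for, added here as an illustration; it is not WordPress core code or the patch for this ticket. The function name `example_filter_style_attr`, the allowed schemes and the rejected-character set are assumptions.

```php
<?php
// Added illustration, not WordPress core code. The function name, allowed
// schemes and rejected-character set are assumptions made for this sketch.
function example_filter_style_attr(string $css, array $schemes = ['http', 'https']): string
{
    $kept = [];
    // Naive split on ';'. A URL containing ';' is cut in two, both halves
    // then fail the bracket check below, so the filter fails closed.
    foreach (explode(';', $css) as $decl) {
        $decl = trim($decl);
        if ($decl === '' || strpos($decl, ':') === false) {
            continue;
        }
        // Find well-formed url(...) tokens: optional matching quotes, and no
        // quotes, brackets, whitespace or backslashes inside the URL itself.
        preg_match_all('/url\(\s*([\'"]?)([^\'"()\s\\\\]*)\1\s*\)/i', $decl, $tokens, PREG_SET_ORDER);
        $ok   = true;
        $rest = $decl;
        foreach ($tokens as $t) {
            $url = $t[2];
            // Text before the first ':' (if it precedes any '/', '?' or '#') is the scheme.
            if ($url === '') {
                $ok = false;
            } elseif (preg_match('/^([^\/?#:]*):/', $url, $s)
                && !in_array(strtolower($s[1]), $schemes, true)) {
                $ok = false;
            }
            $rest = str_replace($t[0], '', $rest);
        }
        // With the vetted url() tokens removed, any bracket or other risky
        // character still present means the declaration is dropped whole.
        if ($ok && !preg_match('%[\\\\()&=}]|/\*%', $rest)) {
            $kept[] = $decl;
        }
    }
    return implode('; ', $kept);
}

// Constructed sample inputs.
$samples = [
    'background-image: url(https://example.test/cover.jpg); color: red',
    'background-image: url("javascript:void"); color: red',
    'width: expression(1); background: url(/uploads/a.png)',
];
foreach ($samples as $css) {
    echo example_filter_style_attr($css), PHP_EOL;
}
```

Declarations are kept or dropped whole and never rewritten, so the output cannot contain a `url()` value that was not checked in the form it appears.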