[wp-trac] [WordPress Trac] #46889: kses allow data: protocol in wp_allowed_protocols

WordPress Trac noreply at wordpress.org
Fri Apr 12 07:32:30 UTC 2019

#46889: kses allow data: protocol in wp_allowed_protocols
 Reporter:  nextendweb   |      Owner:  (none)
     Type:  enhancement  |     Status:  new
 Priority:  normal       |  Milestone:  Awaiting Review
Component:  General      |    Version:
 Severity:  normal       |   Keywords:
  Focuses:               |

 It is getting common to use inline base64 encoded images to minimize
 request count. It would be great if WordPress' kses would allow the use of
 the data: protocol in src attributes.

 Example where the data: protocol gets removed:
 echo wp_kses_post('<img
 alt="Slider" />');

 Suggested code change:
 function wp_allowed_protocols() {
         static $protocols = array();

         // Build the default list once; 'data' is the proposed addition.
         if ( empty( $protocols ) ) {
                 $protocols = array( 'http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'svn', 'tel', 'fax', 'xmpp', 'webcal', 'urn', 'data' );
         }

         if ( ! did_action( 'wp_loaded' ) ) {
                 /**
                  * Filters the list of protocols allowed in HTML
                  *
                  * @since 3.0.0
                  *
                  * @param array $protocols Array of allowed protocols e.g. 'http', 'ftp', 'tel', and more.
                  */
                 $protocols = array_unique( (array) apply_filters( 'kses_allowed_protocols', $protocols ) );
         }

         return $protocols;
 }

Ticket URL: <https://core.trac.wordpress.org/ticket/46889>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
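
wp_allowed_protocols() is a single list that kses consults for every URI attribute it filters, so adding 'data' there is not limited to img src. As an added example (not part of the ticket and not WordPress core code), the stand-alone PHP below checks that a data: URI is a base64 raster image before it is accepted; the function name, the MIME allow-list and the sample inputs are assumptions constructed for illustration.

```php
<?php
// Added example, not WordPress core code. The function name and the MIME
// allow-list are assumptions made for illustration.
function example_is_inline_raster_image( string $uri ): bool {
	// Leading bytes expected for each allow-listed type. SVG is left out
	// on purpose: it is markup, not raster data.
	$signatures = array(
		'image/png'  => "\x89PNG\r\n\x1a\n",
		'image/gif'  => 'GIF8',
		'image/jpeg' => "\xFF\xD8\xFF",
	);

	// Accept only data:<type>;base64,<payload>, with no extra parameters.
	if ( ! preg_match( '#^data:(image/[a-z]+);base64,([A-Za-z0-9+/]+={0,2})$#D', $uri, $m ) ) {
		return false;
	}
	list( , $type, $payload ) = $m;
	if ( ! isset( $signatures[ $type ] ) ) {
		return false;
	}

	// Strict mode rejects input outside the base64 alphabet.
	$bytes = base64_decode( $payload, true );
	if ( false === $bytes ) {
		return false;
	}

	// The declared type must agree with the decoded content.
	$magic = $signatures[ $type ];
	return 0 === strncmp( $bytes, $magic, strlen( $magic ) );
}

// Constructed sample inputs.
$samples = array(
	'png, matching bytes'  => 'data:image/png;base64,' . base64_encode( "\x89PNG\r\n\x1a\n" . 'constructed' ),
	'png label, gif bytes' => 'data:image/png;base64,' . base64_encode( 'GIF89a-constructed' ),
	'non-image type'       => 'data:text/html;base64,' . base64_encode( 'constructed' ),
	'svg'                  => 'data:image/svg+xml;base64,' . base64_encode( '<svg/>' ),
	'not base64'           => 'data:image/gif,GIF89a',
);
foreach ( $samples as $label => $uri ) {
	printf( "%-22s %s\n", $label, example_is_inline_raster_image( $uri ) ? 'accept' : 'reject' );
}
```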
