[wp-trac] [WordPress Trac] #44044: $allowed_tags and $allowed_protocols in wp_privacy_generate_personal_data_export_group_html not filterable.
WordPress Trac
noreply at wordpress.org
Fri Mar 8 22:04:58 UTC 2019
#44044: $allowed_tags and $allowed_protocols in
wp_privacy_generate_personal_data_export_group_html not filterable.
---------------------------------------------+-----------------------------
Reporter: TZ Media | Owner: garrett-
| eclipse
Type: enhancement | Status: closed
Priority: normal | Milestone: 5.2
Component: Privacy | Version: 4.9.6
Severity: normal | Resolution: fixed
Keywords: has-patch has-unit-tests commit | Focuses:
---------------------------------------------+-----------------------------
Changes (by desrosj):
* status: assigned => closed
* resolution: => fixed
Comment:
In [changeset:"44824" 44824]:
{{{
#!CommitTicketReference repository="" revision="44824"
Privacy: Be less restrictive of the HTML tags allowed in user data
exports.
Previously, only `a` and `br` tags were allowed in the `value` table cell
for each field included in the HTML file generated when a user is
exporting their personal data. Instead of relying on a hardcoded list of
allowed tags, the `wp_kses()` call in
`wp_privacy_generate_personal_data_export_group_html()` will now fallback
to the default list of allowed tags (which includes `i`, `strong`, `em`,
and other basic HTML formatting tags).
Also, a new context of `personal_data_export` will now be passed to the
`wp_kses()` call. As a result, the list of HTML tags and attributes
allowed in the export file can now be filtered using the
`wp_kses_allowed_html` filter and checking for the `personal_data_export`
context.
Fixes #44044.
Props tz-media, desrosj, pento, birgire, garrett-eclipse.
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/44044#comment:34>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list