[wp-trac] [WordPress Trac] #54261: KSES: Allow PDFs to be embed as objects
WordPress Trac
noreply at wordpress.org
Thu Oct 14 01:56:03 UTC 2021
#54261: KSES: Allow PDFs to be embed as objects
-------------------------+-------------------------------------------------
Reporter: pento | Owner: pento
Type: enhancement | Status: assigned
Priority: normal | Milestone: 5.9
Component: Formatting | Version:
Severity: normal | Keywords: has-patch 2nd-opinion needs-testing
Focuses: |
-------------------------+-------------------------------------------------
[https://make.wordpress.org/core/2021/04/30/whats-new-in-gutenberg-10-5-28-april/ Gutenberg 10.5]
added the ability to display PDFs as embeds, but made use of the `<object>`
tag, which KSES doesn't allow.

It's certainly not feasible to allow `<object>` tags without limitations:
while most of the original problematic uses of it are no longer supported
in browsers (Java applets, ActiveX, Flash, etc), it would be challenging
to prove that there are no potential security issues with allowing it for
all object types.

Instead, this change allows the `<object>` tag ''only'' when it has a
`type` attribute set to `application/pdf`.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/54261>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
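The rule the ticket describes (an `<object>` is acceptable only when its `type` is `application/pdf`), as an added example that is not WordPress or KSES code: a stand-alone Python audit that reports which `<object>` tags in a fragment would pass. The function names, the sample markup, and the choices to compare case-insensitively and to reject a repeated `type` attribute are assumptions of this example.

```python
from html.parser import HTMLParser

ALLOWED_TYPE = "application/pdf"  # the only type the ticket proposes to allow

def object_allowed(attrs):
    """Apply the PDF-only rule to one <object> tag's (name, value) attribute list."""
    types = [value for name, value in attrs if name == "type"]
    if len(types) != 1:
        # No type: nothing declares what the object is. Repeated type: parsers
        # can disagree on which copy wins, so refuse rather than guess.
        return False
    # MIME types are case-insensitive; match the whole value, never a prefix.
    return (types[0] or "").strip().lower() == ALLOWED_TYPE

class ObjectAudit(HTMLParser):
    """Record a verdict for every <object> start tag in an HTML fragment."""

    def __init__(self):
        super().__init__()
        self.verdicts = []  # (line number, raw tag text, allowed?)

    def handle_starttag(self, tag, attrs):
        if tag == "object":  # html.parser lowercases tag and attribute names
            line, _ = self.getpos()
            self.verdicts.append(
                (line, self.get_starttag_text(), object_allowed(attrs)))

    handle_startendtag = handle_starttag  # self-closing <object ... /> form

def audit_objects(html):
    """Return one (line, tag text, allowed) tuple per <object> tag found."""
    parser = ObjectAudit()
    parser.feed(html)
    parser.close()
    return parser.verdicts

# Constructed sample post content (not taken from the ticket).
SAMPLE = """<p>Report:</p>
<object type="application/pdf" data="/uploads/report.pdf"></object>
<object type="Application/PDF " data="/uploads/a.pdf"></object>
<object type="text/html" data="/uploads/page.html"></object>
<object data="/uploads/unknown.bin"></object>
<object type="text/html" type="application/pdf" data="/x"></object>
<object type="application/pdf+xml" data="/y"></object>"""

if __name__ == "__main__":
    for line, tag, ok in audit_objects(SAMPLE):
        print(f"line {line}: {'keep ' if ok else 'strip'} {tag}")
```

This checks only the `type` rule from the ticket; it does not validate the `data` URL or any other tag.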