[wp-trac] [WordPress Trac] #57321: Global Styles: Block spacing values are not saved if user does not have unfiltered_html capability
WordPress Trac
noreply at wordpress.org
Tue Dec 13 05:07:46 UTC 2022
#57321: Global Styles: Block spacing values are not saved if user does not have
unfiltered_html capability
--------------------------+-----------------------------
Reporter: andrewserong | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Editor | Version: trunk
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
This issue was already raised in Gutenberg over in:
https://github.com/WordPress/gutenberg/issues/45520. A fix has landed in
Gutenberg in https://github.com/WordPress/gutenberg/pull/46388. This trac
issue exists to ensure that the fix is backported to core.
To recap: for users without the unfiltered_html capability (e.g. an Admin
user within a multi site WordPress instance), when saving custom block
spacing values within global styles, the value is stripped on save.
This is due to the blockGap value not being factored in within the theme
JSON class's `remove_insecure_styles` function, which currently only
validates styles that are output via `compute_style_properties`.
The proposed fix that landed in Gutenberg is to also support indirect
values in `remove_insecure_styles`, that is — values that will be output
separately to `compute_style_properties`. For these values, a list of
approved CSS properties is included, to be used for testing whether or not
a value is allowed.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/57321>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list