[wp-trac] [WordPress Trac] #54488: wp_filter_nohtml_kses does not remove HTML comments
WordPress Trac
noreply at wordpress.org
Thu Feb 23 20:32:17 UTC 2023
#54488: wp_filter_nohtml_kses does not remove HTML comments
--------------------------------------+-----------------------
Reporter: leewillis77 | Owner: audrasjb
Type: defect (bug) | Status: assigned
Priority: normal | Milestone: 6.2
Component: Formatting | Version: 2.1
Severity: normal | Resolution:
Keywords: has-patch has-unit-tests | Focuses: docs
--------------------------------------+-----------------------
Comment (by SergeyBiryukov):
Thanks for the PR!
The new `$allowed_comments` parameter seems a bit confusing to me.
Compared with `$allowed_html` and `$allowed_protocols` it sounds like it
would allow different types of comments, but that is not the case.
Taking a step back and looking at the ticket description:
> The documentation states that `wp_filter_nohtml_kses()`
>
> "Strips all HTML from a text string."
>
> However, in reality, HTML comments are preserved. This seems to be an
explicit choice (wp_kses_split2() - L1083 of wp-includes/kses.php but
seems at odds with the documentation, and also with the expectations of a
function named "nohtml".
Should the documentation perhaps be adjusted instead to note that comments
are preserved and this is an explicit choice? I believe that can still be
done for 6.2.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/54488#comment:16>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list