[wp-trac] [WordPress Trac] #58377: wp_kses filters custom block name with consecutive hyphens

WordPress Trac noreply at wordpress.org
Tue May 23 08:08:59 UTC 2023


#58377: wp_kses filters custom block name with consecutive hyphens
--------------------------+-----------------------------
 Reporter:  munezero999   |      Owner:  (none)
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Formatting    |    Version:  6.1.1
 Severity:  normal        |   Keywords:
  Focuses:                |
--------------------------+-----------------------------
 == Description
 I worked on a WordPress multisite, and administrators cannot edit custom
 blocks containing consecutive hyphens; only super administrators can. This
 problem occurs after an administrator registers a page containing custom
 blocks.

 I found that the reason was that WordPress filters HTML content (wp_kses)
 created by an administrator for security reasons. It prevents the use of
 multiple dashes in custom block names. Ex:
 "custom-blocks/contact-form---input" is renamed
 "custom-blocks/contact-form-input".

 In my company, we use dashes ("---") in block names to specify the relation
 between parent and children blocks. This is really helpful for us. Hence
 my question, **would it be possible to allow multiple dashes in the name
 of blocks?**

 == Alternative solution
 For the moment, we gave the administrators the capability
 "unfiltered_html". So they can edit the different blocks.

 == Expected behavior
 Allow multiple dashes in block names. Ex:
 "custom-blocks/contact-form---input"

 == Step-by-step reproduction instructions
 - Create a custom block with a block name that includes consecutive
 hyphens. (e.g. custom-blocks/contact-form---input)
 - Insert this block and save the post.
 - Reload the edit screen.
 - The block is no longer editable. "Your site doesn't include support for
 the xxx"
 - In this case, the block name displayed in the core/missing block is
 abbreviated to a single hyphen. (e.g. custom-blocks/contact-form---input)

 The bug is reproducible on any site, not necessarily multisite. In this
 case, you need to compare between an administrator and an author.

 [[Image(https://user-images.githubusercontent.com/48805054/225573533-f8889624-a7a7-4e1d-a7d2-0f1ae28abc5c.jpg)]]

 == Related GitHub issues
 - [https://github.com/WordPress/gutenberg/issues/49127]
 - [https://github.com/WordPress/gutenberg/issues/36339]

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/58377>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
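
Added illustration, not part of the ticket and not WordPress or Gutenberg code: a small audit that shows which block names fail to round-trip for users whose content is filtered, so affected names can be found without granting "unfiltered_html". It assumes, as the ticket reports, that a run of hyphens inside a block comment delimiter is reduced to one hyphen; all function names and the sample list are hypothetical.

```javascript
// Constructed sample: block names as they might be passed to registerBlockType().
const registered = [
  'custom-blocks/contact-form---input',
  'custom-blocks/contact-form-input',
  'custom-blocks/contact-form',
];

// Serialize an empty block the way it is stored in post content.
function serialize(name) {
  return `<!-- wp:${name} -->\n<!-- /wp:${name} -->`;
}

// Simplified model (assumption, not WordPress source) of the filtering the
// ticket reports: inside an HTML comment, a run of hyphens becomes one hyphen.
function filterComments(html) {
  return html.replace(/<!--([\s\S]*?)-->/g,
    (_, body) => `<!--${body.replace(/-{2,}/g, '-')}-->`);
}

// Read block names back from opening delimiters, as happens on editor reload.
function parseBlockNames(html) {
  return [...html.matchAll(/<!--\s+wp:([a-z0-9\/-]+)\s/g)].map((m) => m[1]);
}

// For each name: what is stored after filtering, whether it round-trips, and
// whether the stored name now points at a different registered block.
function audit(names) {
  const known = new Set(names);
  return names.map((name) => {
    const [stored] = parseBlockNames(filterComments(serialize(name)));
    const survives = stored === name;
    return { name, stored, survives, collides: !survives && known.has(stored) };
  });
}

for (const r of audit(registered)) {
  const note = r.survives ? 'ok' : r.collides
    ? `stored as ${r.stored}, which is another registered block`
    : `stored as ${r.stored}, which is not registered`;
  console.log(`${r.name}: ${note}`);
}
```

The `collides` case is worth checking separately: the saved content is then parsed as a different registered block rather than shown as missing.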

