[buddypress-trac] [BuddyPress Trac] #5835: Allow a few more tags/attr on bp allowed tags filter.
buddypress-trac
noreply at wordpress.org
Tue Aug 26 14:14:17 UTC 2014
#5835: Allow a few more tags/attr on bp allowed tags filter.
-------------------------+------------------
Reporter: hnla | Owner:
Type: enhancement | Status: new
Priority: low | Milestone: 2.2
Component: Core | Version:
Severity: minor | Resolution:
Keywords: needs-patch |
-------------------------+------------------
Changes (by boonebgorges):
* milestone: Awaiting Review => 2.2
Comment:
> without it in this sort of context i.e. outside external styles where
> only inline styles would be applicable, it's fairly useless,
I don't know about that. I've seen plenty of places where people use this
kind of selector:
{{{
div.some-specific-class-name > span {
}}}
That suggests that a span alone could be useful in some cases.
I'm pretty sure the motivation for not allowing these attributes is, in
part, that we don't see an obvious need to allow users to manually enter
this kind of HTML into a status update. That said, *all* activity passes
through these filters, not just status updates - so we should be more
sensitive to the possibility that fully-formed markup may be provided in
some cases.
On the other hand, we don't allow the 'style' attribute in any of our
allowed_tags filters, and there are good reasons why we may want to leave
this as the default. The activity stream should act like a "controlled"
area. For example, in the case of blog posts, we strip inline images, and
use the first image in the post (or the featured image) as a leader in the
activity content. We do this to maintain uniformity in the appearance of
the activity stream. Permitting BP components (or, heaven forbid, users)
to send arbitrary styling into the activity stream seems like it's asking
for trouble. Would you want an activity item's content to contain 64px
pink Comic Sans letters?
So, in the case of 'span', I'm leaning toward leaving it as is. I'd
welcome another dev's opinion, though.
hnla - Feel free to write up a patch for the other tags, and we can at
least take care of that early in 2.2.
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/5835#comment:4>
BuddyPress Trac <http://buddypress.org/>