[wp-trac] [WordPress Trac] #24157: safecss_filter_attr doesn't allow rgb() in inline styles
WordPress Trac
noreply at wordpress.org
Mon Apr 22 16:30:45 UTC 2013
#24157: safecss_filter_attr doesn't allow rgb() in inline styles
-----------------------------+--------------------------
Reporter: joehoyle | Type: defect (bug)
Status: new | Priority: normal
Milestone: Awaiting Review | Component: Formatting
Version: 3.5.1 | Severity: normal
Keywords: |
-----------------------------+--------------------------
I thought there should be a ticket somewhere, but I couldn't find it!
So, `safecss_filter_attr` (which is used in `wp_kses` etc, does not allow
inline styles that include rgba() etc, like his:
{{{<span style="background: rgb(0,0,0)"></span>}}}
I am not sure if this is intended, though not sure why it would be, there
is a comment in `safecss_filter_attr`
{{{if ( preg_match( '%[\\(&=}]|/\*%', $css ) ) // remove any inline css
containing \ ( & } = or comments}}}
--
Ticket URL: <http://core.trac.wordpress.org/ticket/24157>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list