[wp-trac] [WordPress Trac] #27858: Bug HTML onmouseover and onmouseout
WordPress Trac
noreply at wordpress.org
Sun Apr 27 15:03:42 UTC 2014
#27858: Bug HTML onmouseover and onmouseout
--------------------------+-------------------------
Reporter: TTBoS | Owner:
Type: defect (bug) | Status: reopened
Priority: normal | Milestone: 3.9.1
Component: TinyMCE | Version: 3.9
Severity: normal | Resolution:
Keywords: needs-patch | Focuses: javascript
--------------------------+-------------------------
Comment (by elliott-stocks):
I'm thinking because it worked pre 3.9 that it should be in the core. I've
added a new patch that uses the attributes you suggested :)
Replying to [comment:9 azaozz]:
> Replying to [comment:8 elliott-stocks]:
> > Should we allow all of the {{{on*}}} attributes for all elements if
the current user has unfiltered_html?
>
> Not sure that is a good idea. Unfortunately the browsers in
contneteditable mode still run JS added with these attributes.
>
> The patch works however as all attributes for images are replaced, it
should include all (HTML 4 and 5) attributes. I'm still 50/50 whether this
should be patched in core or should be left for plugins to do. A typical
plugin would be something like:
>
> {{{
> add_filter( 'tiny_mce_before_init', 'my_mce_init', 20 );
> function my_mce_init( $init ) {
> if ( current_user_can('unfiltered_html') ) {
> if ( ! empty( $init['extended_valid_elements'] ) ) {
> $init['extended_valid_elements'] .= ',';
> } else {
> $init['extended_valid_elements'] = '';
> }
>
> $init['extended_valid_elements'] .=
'img[id|accesskey|class|dir|lang|style|tabindex|title|contenteditable|contextmenu|draggable|dropzone|hidden|spellcheck|translate|src|alt=|usemap|ismap|width|height|name|longdesc|align|border|hspace|vspace|crossorigin|onmouseover|onmouseout]';
> }
>
> return $init;
> }
> }}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/27858#comment:10>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list