[wp-trac] [WordPress Trac] #29998: kses.php fails to sanitize Outlook HTML content correctly
WordPress Trac
noreply at wordpress.org
Thu Oct 16 06:28:44 UTC 2014
#29998: kses.php fails to sanitize Outlook HTML content correctly
--------------------------+------------------------------
 Reporter:  hmoore71      |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  General       |     Version:  4.0
 Severity:  normal        |  Resolution:
 Keywords:                |     Focuses:
--------------------------+------------------------------
Comment (by nacin):

kses is about filtering for security purposes, not for cleaning it up. If
you use something like the "Paste from Word" TinyMCE button, you should be
in much better shape.

Also, editors and administrators have the ability to post HTML unfiltered.
If commenting out this line helps you (note: major security concerns!)
then it means that unfiltered HTML is fine.

If we're actually breaking the HTML somehow, could you
screenshot/upload/post an example?

--
Ticket URL: <https://core.trac.wordpress.org/ticket/29998#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform