[wp-trac] [WordPress Trac] #29613: Arbitrary Customizer control input type support can cause unexpected output in custom controls
WordPress Trac
noreply at wordpress.org
Thu Sep 18 04:46:00 UTC 2014
#29613: Arbitrary Customizer control input type support can cause unexpected output
in custom controls
------------------------------+-------------------------------
Reporter: celloexpressions | Owner: celloexpressions
Type: defect (bug) | Status: assigned
Priority: low | Milestone: 4.0.1
Component: Customize | Version: 4.0
Severity: trivial | Resolution:
Keywords: has-patch | Focuses:
------------------------------+-------------------------------
Changes (by celloexpressions):
* keywords: needs-patch => has-patch
Comment:
[attachment:29613.diff] implements a whitelist of allowed types for the
`<input>` element, to avoid rendering stuff in unexpected situations. It's
way less elegant, but since there was a change in behavior here, something
we should consider. I'm surprised WordPress.com didn't run into this,
given some of the custom controls they have. The whitelist is based on the
type attribute values listed here: http://www.w3.org/TR/html51/forms.html
#the-input-element.
I don't know that I would want to change this after 4.0.1, as devs will
start expecting/relying on the current way it works, especially in the
context of potential future improvements like #29572.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/29613#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list