[wp-trac] [WordPress Trac] #30920: Add support for JavaScript templates (Underscore) to wp_kses()
WordPress Trac
noreply at wordpress.org
Mon Jan 5 20:50:32 UTC 2015
#30920: Add support for JavaScript templates (Underscore) to wp_kses()
---------------------------+-----------------------------
Reporter: stevegrunwell | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Themes | Version: trunk
Severity: normal | Keywords:
Focuses: template |
---------------------------+-----------------------------
When working with Backbone/Underscore templates, `wp_kses()` will mangle
placeholders like `<%`, `<%=`, and `<%-`.
'''Example:'''
{{{
$string = '<div id="post-<%- ID %>"><%= title %></div>';
$allowed_tags = array(
'div' => array(
'id' => true
)
);
$result = wp_kses( $string, $allowed_tags );
}}}
My expected result would be the same as `$string`:
{{{
<div id="post-<%- ID %>"><%= title %></div>
}}}
However, the actual result is mangled:
{{{
<div id="post-"></div>
}}}
'''Use-case for this enhancement:'''
Ajax-powered widgets and blocks (including those used within WordPress
core) that want to offer filters for developers to use while safely
escaping the potentially-filtered HTML of the templates before printing
them to the screen.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/30920>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list